CVE-2020-27674
5.3
MEDIUM
CVSS 3.1
EPSS 0.07%
Description
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
How to fix CVE-2020-27674
To remediate CVE-2020-27674, upgrade the affected package to a fixed version below.
- Alpine/xen: upgrade to 4.12.4-r0 or later
- upgrade to 4.14.0+80-gd101b417b7-1 or later
Is CVE-2020-27674 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.12.4-r0
- from 0, < 4.14.0+80-gd101b417b7-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |