CVE-2020-27670
https://notcve.org/view.php?id=CVE-2020-27670
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de páginas IOMMU de AMD puede ser actualizada a medias • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/9 http://xenbits.xen.org/xsa/advisory-347.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2 https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4804 https://xenbits.xen.org/xsa/ • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2020-27671
https://notcve.org/view.php?id=CVE-2020-27671
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado HVM y PVH de x86 causar una denegación de servicio (corrupción de datos), causar una filtración de datos o posiblemente alcanzar privilegios porque la combinación de descargas IOMMU TLB por página no se maneja apropiadamente • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/8 http://xenbits.xen.org/xsa/advisory-346.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2 https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4804 https://xenbits.xen.org/xsa/ •
CVE-2020-27672
https://notcve.org/view.php?id=CVE-2020-27672
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del SO invitado x86 causar una denegación de servicio del SO host, lograr una corrupción de datos o posiblemente alcanzar privilegios mediante la explotación de una condición de carrera que conlleva a un uso de la memoria previamente liberada involucrando a superpáginas de 2MiB y 1GiB • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html http://www.openwall.com/lists/oss-security/2021/01/19/7 http://xenbits.xen.org/xsa/advisory-345.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2 https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4804 https://xenbits.xen.org/xsa/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2020-27674
https://notcve.org/view.php?id=CVE-2020-27674
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. Se detectó un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios de SO invitado de PV x86 alcanzar privilegios de SO invitado modificando el contenido de la memoria del kernel, porque una invalidación de las entradas TLB es manejada inapropiadamente durante el uso de una técnica de ataque similar a INVLPG • http://www.openwall.com/lists/oss-security/2021/01/19/5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZAM3LYJ5TZLSSNL3KXFILM46QKVTOUA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3U4LNKKXU4UP4Z5XP6TMIWSML3QODPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2 https://security.gentoo.org/glsa/202011-06 https://www.debian.org/security/2020/dsa-4804 https:/ • CWE-787: Out-of-bounds Write •
CVE-2020-27675
https://notcve.org/view.php?id=CVE-2020-27675
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. Se detectó un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x. El archivo drivers/xen/events/events_base.c permite la eliminación del canal de eventos durante el ciclo de manejo de eventos (una condición de carrera). Esto puede causar una desreferencia del puntero NULL y un uso de la memoria previamente liberada como es demostrado por un bloqueo dom0 por medio de eventos para un dispositivo paravirtualizado en reconfiguración, también se conoce como CID-073d0552ead5 • http://www.openwall.com/lists/oss-security/2021/01/19/3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073d0552ead5bfc7a3a9c01de590e924f11b5dd2 https://github.com/torvalds/linux/commit/073d0552ead5bfc7a3a9c01de590e924f11b5dd2 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ZG6TZLD23QO3PV2AN2HB625ZX47ALTT https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free CWE-476: NULL Pointer Dereference •