CVE-2020-27673 — MEDIUM (5.5)

Q: How severe is CVE-2020-27673?

CVE-2020-27673 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-27673?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Opensuse Leap, Xen Xen.

Vulnerability Description

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.12, < 4.4.244
Debian	Debian Linux	9.0
Opensuse	Leap	15.1
Xen	Xen	<= 4.14.0

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.htmlMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/01/19/6Mailing ListThird Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9950PatchVendor Advisory
https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd307PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202011-06Third Party Advisory
https://xenbits.xen.org/xsa/advisory-332.htmlPatchThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.htmlMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/01/19/6Mailing ListThird Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9950PatchVendor Advisory
https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd307PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2020-27673?

CVE-2020-27673 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e9950...

How severe is CVE-2020-27673?

CVE-2020-27673 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27673?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Opensuse Leap, Xen Xen.