Bug 1891091 (CVE-2020-27671)
Summary: | CVE-2020-27671 xen: undue deferral of IOMMU TLB flushes (XSA-346) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, ailan, bhu, bmasney, brdeoliv, dhoward, drjones, dvlasenk, fhrbata, hkrzesin, imammedo, jforbes, jshortt, jstancek, knoel, m.a.young, mrezanin, nmurray, pbonzini, ptalbert, robinlee.sysu, rvrbovsk, vkuznets, walters, xen-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found to occur in the Xen optimization to coalesce per-page IOMMU TLB flushes. This flaw allows malicious x86 HVM and PVH guests to cause host data corruption and data leaks, resulting in a denial of service (DoS) or potential privilege escalation. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-02 20:21:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1891093 | ||
Bug Blocks: | 1891100 |
Description
Guilherme de Almeida Suckevicz
2020-10-23 18:54:32 UTC
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1891093] Acknowledgments: Name: the Xen project External References: https://xenbits.xen.org/xsa/advisory-346.html Upstream fix: https://xenbits.xen.org/xsa/xsa346/xsa346-1.patch https://xenbits.xen.org/xsa/xsa346/xsa346-2.patch This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27671 Statement: All Xen versions from 4.2 onwards are vulnerable. Red Hat Enterprise Linux 5 is not affected by this flaw, as it shipped with an older version of Xen. Mitigation: Avoid passing through physical devices to untrusted guests. Refer to the XSA-346 advisory for additional information. |