CVE-2020-27675

CVSS v3.1 4.7 (Medium)
CVSS v2.0 4.7 (Medium)
EPSS 0.04 % (15th)
Affected Products 3
Advisories 17

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.

Weaknesses
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-10-22 21:15:14
(3 years ago)
Updated Date
2023-11-07 03:20:58
(10 months ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Linux Kernel 5.9.1 and prior versions | cpe:2.3:o:linux:linux_kernel | - | <= 5.9.1

Configuration #2

  Product | CPE23 | From | Up To
  Fedoraproject Fedora 31 | cpe:2.3:o:fedoraproject:fedora:31 | - | -
  Fedoraproject Fedora 32 | cpe:2.3:o:fedoraproject:fedora:32 | - | -
  Fedoraproject Fedora 33 | cpe:2.3:o:fedoraproject:fedora:33 | - | -

Configuration #3

  Product | CPE23 | From | Up To
  Debian Linux 9.0 | cpe:2.3:o:debian:debian_linux:9.0 | - | -