CVE-2020-27152 — Infinite Loop in Kernel

CWE-835 — Infinite Loop14 documents10 sources

Severity

5.5MEDIUMNVD

OSV5.4

EPSS

0.0%

top 91.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Paloalto Pan-os +1 more

Timeline

PublishedNov 6

Latest updateFeb 14

Description

An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDlinux/linux_kernel< 5.9.2

▶Debianlinux/linux_kernel< 5.9.6-1+3

▶debiandebian/linux< linux 5.9.6-1 (bookworm)

▶msrcmsrc/cm1_kernel_5.4.91-1_on_cbl_mariner_1.0

▶Palo Altopaloalto/pan-os

Patches

Patch: www.openwall.com ↗Patch: git.kernel.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-pfwq-4xp5-gp3h: An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic↗2022-05-24

▶

OSV

linux-oem-5.6 vulnerabilities↗2021-02-25

▶

OSV

CVE-2020-27152: An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic↗2020-11-06

▶

Kernel

KVM: ioapic: break infinite recursion on lazy EOI↗2020-10-24

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-02-25

▶

Ubuntu

Linux kernel regression↗2020-12-13

▶

Ubuntu

Linux kernel vulnerabilities↗2020-12-02

▶

Microsoft

▶

💬Community

Bugzilla

CVE-2020-27152 Kernel: KVM: host stack overflow due to lazy update IOAPIC↗2020-10-16

▶

Bugzilla

CVE-2020-27152 kernel: KVM: host stack overflow due to lazy update IOAPIC [fedora-all]↗2020-10-16

▶