CVE-2020-27675 — Race Condition in Linux
CWE-362 — Race ConditionCWE-416 — Use After FreeCWE-476 — NULL Pointer Dereference16 documents8 sources
Severity
4.7MEDIUMNVD
OSV8.2OSV5.5OSV4.1
EPSS
0.1%
top 80.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 22
Latest updateMay 24
Description
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 9.0, Fedora 31, 32, 33
Patches
🔴Vulnerability Details
6OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-02-25
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-01-06
OSV▶
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabi↗2021-01-06
OSV▶
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities↗2021-01-06