CVE-2020-27672

7.0 HIGH

📋 TL;DR

CVE-2020-27672 is a race condition vulnerability in the Xen hypervisor that leads to a use-after-free involving 2MiB and 1GiB superpages. It allows x86 guest OS users to cause a host OS denial of service, data corruption, or potentially gain privileges. It affects Xen hypervisor installations running x86 guest virtual machines.

💻 Affected Systems

Products:
  • Xen Hypervisor
Versions: All versions through 4.14.x
Operating Systems: Linux (as host OS for Xen)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects x86 architecture with 2MiB or 1GiB superpages enabled. ARM architecture not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Guest OS users could gain elevated privileges on the host system, leading to complete compromise of the hypervisor and all guest VMs.

🟠 Likely Case: Host OS denial of service causing hypervisor crashes and VM downtime, potentially with data corruption in affected VMs.

🟢 If Mitigated: With proper isolation and monitoring, impact is limited to denial of service affecting only the targeted VM and host.

🌐 Internet-Facing: MEDIUM - Requires guest OS access, but internet-facing VMs could be compromised through other vulnerabilities.
🏢 Internal Only: HIGH - Internal malicious users or compromised guest VMs can directly exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires guest OS user access and exploitation of race condition timing. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Xen 4.14.1 and later

Vendor Advisory: http://xenbits.xen.org/xsa/advisory-345.html

Restart Required: Yes

Instructions:

1. Update Xen to version 4.14.1 or later.
2. Apply vendor patches for Xen 4.13.x and earlier versions.
3. Reboot the hypervisor host to load patched kernel modules.

🔧 Temporary Workarounds

Disable superpages: disable 2MiB and 1GiB superpages to prevent the race condition:

xl set-parameters domain-id superpages=0

🧯 If You Can't Patch

  • Implement strict access controls to limit guest OS user privileges
  • Isolate critical VMs on separate physical hosts from untrusted VMs

🔍 How to Verify

Check if Vulnerable:

Check the running Xen version: xl info | grep xen_version

Verify Fix Applied:

Verify that the Xen version is 4.14.1 or later, or, for an earlier release, check that the XSA-345 patch has been applied.
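The version check above, as an added example that is not part of the original page or of the Xen project's own tooling: it reads the `xen_version` and `xen_caps` fields from `xl info` output, compares the version against the fix version given here (4.14.1), and reports whether the host architecture is in scope at all (the page states only x86 is affected). The `xl info` sample is constructed for the demonstration; on a real host, pipe `xl info` into the same functions. A version below 4.14.1 is reported as "needs-xsa-345" rather than "vulnerable", because a backported XSA-345 patch cannot be seen from the version number alone.

```shell
#!/bin/sh
# Added example (not from the advisory page or the Xen project): decide from
# `xl info` output whether a host is at or above the fix version this page
# gives (4.14.1) and whether its architecture is in scope (x86 only).

FIXED_VERSION=4.14.1

# Constructed sample of `xl info` output; not captured from a real host.
SAMPLE_XL_INFO='host                   : xenhost-example
release                : 5.4.0-example
xen_major              : 4
xen_minor              : 14
xen_extra              : .0
xen_version            : 4.14.0
xen_caps               : xen-3.0-x86_64 hvm-3.0-x86_64'

# Print the value of one `xl info` key (e.g. xen_version) read from stdin.
# The key is matched exactly after trimming whitespace; the value may contain ':'.
xl_info_field() {
    awk -v key="$1" -F':' '{
        k = $1; gsub(/[ \t]/, "", k)
        if (k == key) {
            v = substr($0, index($0, ":") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v; exit
        }
    }'
}

# version_ge A B: succeed when dotted version A is >= B. Fields are compared
# numerically; a non-numeric suffix such as "0-pre" counts as its numeric prefix.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "patched" when the version is at or above FIXED_VERSION, otherwise
# "needs-xsa-345": the host is vulnerable unless the XSA-345 patch was backported.
xsa345_status() {
    if version_ge "$1" "$FIXED_VERSION"; then echo patched; else echo needs-xsa-345; fi
}

# Print "in-scope" when xen_caps shows an x86 build, "out-of-scope" otherwise (e.g. ARM).
arch_in_scope() {
    case "$1" in
        *x86*) echo in-scope ;;
        *)     echo out-of-scope ;;
    esac
}

# Stand-alone run over the constructed sample. On a real host use instead:
#   xl info | xl_info_field xen_version
ver=$(printf '%s\n' "$SAMPLE_XL_INFO" | xl_info_field xen_version)
caps=$(printf '%s\n' "$SAMPLE_XL_INFO" | xl_info_field xen_caps)
printf 'xen_version=%s arch=%s status=%s\n' \
    "$ver" "$(arch_in_scope "$caps")" "$(xsa345_status "$ver")"
```

The comparison is done in awk so the script stays POSIX sh and works on a dom0 without bash or a package manager's version tools; the sample above reports `status=needs-xsa-345` because 4.14.0 is below the fix version.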

📡 Detection & Monitoring

Log Indicators:

  • Hypervisor crashes or panics
  • Unexpected VM restarts
  • Kernel oops messages in host logs

Network Indicators:

  • Sudden loss of connectivity to multiple VMs
  • Unusual inter-VM communication patterns

SIEM Query:

source="xen.log" AND ("panic" OR "oops" OR "BUG:")
