CVE-2020-27675 - log

CVE-2020-27675 edited at 19 Jan 2021 17:34:29
Description
- The Linux kernel event channel handling code doesn't defend the handling of an event against the same event channel being removed in parallel. This can result in accesses to already freed memory areas or NULL pointer dereferences in the event handling code, leading to misbehaviour of the system or even crashes.
+ An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.
References
- https://lists.xenproject.org/archives/html/xen-announce/2021-01/msg00001.html
+ https://xenbits.xen.org/xsa/advisory-331.html
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=073d0552ead5bfc7a3a9c01de590e924f11b5dd2
CVE-2020-27675 edited at 19 Jan 2021 17:22:37
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ The Linux kernel event channel handling code doesn't defend the handling of an event against the same event channel being removed in parallel. This can result in accesses to already freed memory areas or NULL pointer dereferences in the event handling code, leading to misbehaviour of the system or even crashes.
References
+ https://lists.xenproject.org/archives/html/xen-announce/2021-01/msg00001.html
Notes
CVE-2020-27675 created at 19 Jan 2021 17:19:54