CVE-2020-27777

MEDIUM6.7

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication

Published Dec 15, 2020

Modified 1 years ago

No fix available

Details

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.

References

WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1900844 WEBhttps://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2020-27777 WEBhttps://www.openwall.com/lists/oss-security/2020/10/09/1 WEBhttps://www.openwall.com/lists/oss-security/2020/11/23/2

CVSS Analysis

CVSS v3.1

6.7

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

6.7/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Access Control

CWE-862

Missing Authorization

Ecosystems

Timeline

PublishedDec 15, 2020

ModifiedAug 4, 2024