Alpine: xen: security update to 4.13.2-r0

high Tenable Cloud Security Plugin ID 407774

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service
(data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry
can be half-updated. (CVE-2020-27670)

- An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of
service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page
IOMMU TLB flushes is mishandled. (CVE-2020-27671)

- An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of
service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to
a use-after-free involving 2MiB and 1GiB superpages. (CVE-2020-27672)

- An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges
by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an
INVLPG-like attack technique. (CVE-2020-27674)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-27670

https://security.alpinelinux.org/vuln/CVE-2020-27671

https://security.alpinelinux.org/vuln/CVE-2020-27672

https://security.alpinelinux.org/vuln/CVE-2020-27674

Plugin Details

Severity: High

ID: 407774

Version: Revision 1.44

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 95.11

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-27672

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-27671

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/24/2020

Reference Information

CVE: CVE-2020-27670, CVE-2020-27671, CVE-2020-27672, CVE-2020-27674

IAVB: 2020-B-0056-S