CVE-2020-27777

Public on 2020-12-08

Modified on 2021-01-13

Description

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.

Severity

Medium

See what this means

CVSS v3 Base Score

6.4

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	kernel	2021-01-15	ALAS-2021-1461
Amazon Linux 2 - Core	kernel	2020-12-09	ALAS2-2020-1566

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.4	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD	CVSSv2	7.2	AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD	CVSSv3	6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2020-27777 Mitre: CVE-2020-27777