Lucene search

K
cve[email protected]CVE-2020-29568
HistoryDec 15, 2020 - 5:15 p.m.

CVE-2020-29568

2020-12-1517:15:14
CWE-770
web.nvd.nist.gov
197
5
cve-2020-29568
xen
backend
oom
watch events
vulnerability
linux
freebsd
netbsd
nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.

Affected configurations

NVD
Node
xenxenRange4.14.1
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
CPENameOperatorVersion
xen:xenxenle4.14.1

Social References

More

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%