4 matches found
CVE-2020-29486
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, an owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running...
Design/Logic Flaw
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, an owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running...
CVE-2020-29486
CVE-2020-29486 affects Xen up to 4.14.x with oxenstored; an unprivileged client (guest) can modify xenstore node ownership, causing quota exhaustion and potential memory DoS that can crash a specific guest or the host. Systems using oxenstored are vulnerable; builds using C xenstored are not. Pub...
oxenstored: node ownership can be changed by unprivileged clients
ISSUE DESCRIPTION: Nodes in xenstore have an ownership. In oxenstored, an owner could give a node away. But node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory. IMPACT: A...