CVE-2020-29487 – Gentoo Linux Security Advisory 202107-30

https://notcve.org/view.php?id=CVE-2020-29487

15 Dec 2020 — An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, ... • https://security.gentoo.org/glsa/202107-30 • CWE-770: Allocation of Resources Without Limits or Throttling •