// For flags

CVE-2020-29567

 

Severity Score

6.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability.

Se detectó un problema en Xen versiones 4.14.x. Al mover IRQ entre los CPU para distribuir la carga de manejo de IRQ, los vectores IRQ se asignan y desasignan dinámicamente en las CPU relevantes. La desasignación tiene que ocurrir cuando se cumplen ciertas restricciones. Si estas condiciones no se cumplen cuando se comprueba por primera vez, la CPU de comprobación puede enviarse una interrupción a sí misma, con la expectativa de que esta IRQ se entregará solo después de que la condición que impide la limpieza haya desaparecido. Para dos vectores IRQ específicos, esta expectativa se violó, resultando en un flujo continuo de interrupciones automáticas, lo que hace que la CPU sea efectivamente inutilizable. Un dominio con un dispositivo PCI pasado puede causar el bloqueo de una CPU física, lo que resulta en una denegación de servicio (DoS) para todo el host. Solo los Sistemas x86 son vulnerables. Los Sistemas Arm no son vulnerables. Solo los invitados con PCI física pasados a través de ellos

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-04 CVE Reserved
  • 2020-12-15 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xen
Search vendor "Xen"
Xen
Search vendor "Xen" for product "Xen"
<= 4.14.0
Search vendor "Xen" for product "Xen" and version " <= 4.14.0"
x86
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected