CVE-2020-29568
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
Se detectó un problema en Xen versiones hasta 4.14.x. Algunos Sistemas Operativos (como Linux, FreeBSD y NetBSD) procesan eventos de observación usando un solo hilo o sub-proceso. Si los eventos se reciben más rápido de lo que el hilo es capaz de manejar, se pondrán en cola. Como la cola no tiene límites, un invitado puede activar un OOM en el backend. Todos los sistemas con FreeBSD, Linux o NetBSD (cualquier versión) dom0 son vulnerables
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-04 CVE Reserved
- 2020-12-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://xenbits.xenproject.org/xsa/advisory-349.html | 2022-04-26 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202107-30 | 2022-04-26 | |
https://www.debian.org/security/2021/dsa-4843 | 2022-04-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.14.1 Search vendor "Xen" for product "Xen" and version " <= 4.14.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|