CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202107-30	Third Party Advisory
https://www.debian.org/security/2021/dsa-4843	Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-349.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

History

26 Apr 2022, 16:12

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202107-30 - Third Party Advisory
CWE	~~CWE-119~~	CWE-770

Information

Published : 2020-12-15 17:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-29568

Mitre link : CVE-2020-29568

CVE.ORG link : CVE-2020-29568

JSON object : View

Products Affected

xen

xen

debian

debian_linux

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2020-29568", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2020-12-15T17:15:14.660", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202107-30", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2021/dsa-4843", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://xenbits.xenproject.org/xsa/advisory-349.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Xen versiones hasta 4.14.x. Algunos Sistemas Operativos (como Linux, FreeBSD y NetBSD) procesan eventos de observaci\u00f3n usando un solo hilo o sub-proceso. Si los eventos se reciben m\u00e1s r\u00e1pido de lo que el hilo es capaz de manejar, se pondr\u00e1n en cola. Como la cola no tiene l\u00edmites, un invitado puede activar un OOM en el backend. Todos los sistemas con FreeBSD, Linux o NetBSD (cualquier versi\u00f3n) dom0 son vulnerables"}], "lastModified": "2022-04-26T16:12:15.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98708CDE-265E-4841-B910-B632F7BAAC3E", "versionEndIncluding": "4.14.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}