CVE-2020-29568MEDIUM
Description
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
References
https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Details
Source: MITRE
Published: 2020-12-15
Updated: 2021-03-15
Type: CWE-119
Risk Information
CVSS v2.0
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Impact Score: 4
Exploitability Score: 2
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.14.1 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 148009 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1) | Nessus | Ubuntu Local Security Checks | high |
| 147983 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1) | Nessus | Ubuntu Local Security Checks | high |
| 147978 | Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4751-1) | Nessus | Ubuntu Local Security Checks | high |
| 147975 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1) | Nessus | Ubuntu Local Security Checks | high |
| 147532 | Debian DLA-2586-1 : linux security update | Nessus | Debian Local Security Checks | high |
| 146685 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0532-1) | Nessus | SuSE Local Security Checks | high |
| 146512 | Debian DLA-2557-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high |
| 146511 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1) | Nessus | SuSE Local Security Checks | high |
| 146476 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1) | Nessus | SuSE Local Security Checks | high |
| 146474 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1) | Nessus | SuSE Local Security Checks | high |
| 146470 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1) | Nessus | SuSE Local Security Checks | high |
| 146406 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0427-1) | Nessus | SuSE Local Security Checks | high |
| 146366 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0354-1) | Nessus | SuSE Local Security Checks | high |
| 146362 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1) | Nessus | SuSE Local Security Checks | high |
| 146359 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0353-1) | Nessus | SuSE Local Security Checks | high |
| 146293 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-241) | Nessus | SuSE Local Security Checks | high |
| 146248 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0005) | Nessus | OracleVM Local Security Checks | high |
| 146217 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1246) | Nessus | Huawei Local Security Checks | high |
| 146096 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9030) | Nessus | Oracle Linux Local Security Checks | high |
| 146052 | Debian DSA-4843-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 146047 | Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9025) | Nessus | Oracle Linux Local Security Checks | high |
| 146045 | Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9024) | Nessus | Oracle Linux Local Security Checks | high |
| 145700 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9023) | Nessus | Oracle Linux Local Security Checks | high |
| 145567 | FreeBSD : FreeBSD -- Xen guests can triger backend Out Of Memory (5d91370b-61fd-11eb-b87a-901b0ef719ab) | Nessus | FreeBSD Local Security Checks | medium |
| 145546 | Xen OOM DoS (XSA-349) | Nessus | Misc. | medium |
| 145458 | Amazon Linux AMI : kernel (ALAS-2021-1477) | Nessus | Amazon Linux Local Security Checks | high |
| 145456 | Amazon Linux 2 : kernel (ALAS-2021-1588) | Nessus | Amazon Linux Local Security Checks | high |
| 145287 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-75) | Nessus | SuSE Local Security Checks | high |
| 144907 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9006) | Nessus | Oracle Linux Local Security Checks | high |
| 144906 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007) | Nessus | Oracle Linux Local Security Checks | high |
| 144905 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9009) | Nessus | Oracle Linux Local Security Checks | high |
| 144904 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005) | Nessus | Oracle Linux Local Security Checks | high |
| 144903 | Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9008) | Nessus | Oracle Linux Local Security Checks | high |