CVE-2020-29570

medium

Description

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.

References

https://xenbits.xenproject.org/xsa/advisory-358.html

https://www.debian.org/security/2020/dsa-4812

http://www.openwall.com/lists/oss-security/2020/12/16/4

https://lists.fedoraproject.org/archives/list/[email protected]/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/

https://security.gentoo.org/glsa/202107-30

Details

Source: MITRE

Published: 2020-12-15

Updated: 2021-12-10

Type: CWE-770

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 6.2

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.5

Severity: MEDIUM