PT-2020-17194 · Freebsd+7 · Freebsd+7

Michael Kurth

+1

·

Published

2020-12-15

·

Updated

2022-04-26

·

CVE-2020-29568

CVSS v3.1

6.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Xen versions through 4.14.x
Description An issue was discovered in some OSes, such as Linux, FreeBSD, and NetBSD, which are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
Recommendations For Xen versions through 4.14.x, consider implementing a queue limit or a mechanism to handle watch events more efficiently to prevent an OOM in the backend. As a temporary workaround, consider restricting the rate at which watch events are received or disabling the single-threaded watch event processing until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2020-29568
DLA-2557-1
DLA-2586-1
DSA-4843-1
FREEBSD-SA-21_02
OESA-2021-1086
OESA-2021-1087
OPENSUSE-SU-2021:0075-1
OPENSUSE-SU-2021:0241-1
OPENSUSE-SU-2021_0075-1
OPENSUSE-SU-2021_0241-1
SUSE-SU-2021:0347-1
SUSE-SU-2021:0348-1
SUSE-SU-2021:0353-1
SUSE-SU-2021:0354-1
SUSE-SU-2021:0427-1
SUSE-SU-2021:0433-1
SUSE-SU-2021:0434-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:0438-1
SUSE-SU-2021:0452-1
SUSE-SU-2021:0532-1
USN-4748-1
USN-4749-1
USN-4750-1
USN-4751-1

Affected Products

Astra Linux
Freebsd
Linux
Linuxmint
Netbsd
Suse
Ubuntu
Xen