CVE-2020-29485

Name of the Vulnerable Software and Affected Versions Xen versions 4.6 through 4.14.x

Description An issue was discovered when acting upon a guest XS RESET WATCHES request, where not all tracking information is freed. This can cause unbounded memory usage in oxenstored, leading to a system-wide denial of service (DoS). The vulnerability is specific to systems using the Ocaml Xenstored implementation, while systems using the C Xenstored implementation are not affected.

Recommendations For Xen versions 4.6 through 4.14.x, consider disabling the XS RESET WATCHES request handling in oxenstored as a temporary workaround to minimize the risk of exploitation. Restrict access to the oxenstored service to prevent unbounded memory usage. Update to a version that includes the fix for this issue when available.