CVE-2020-29568

Public on 2020-12-15
Modified on 2021-01-26
Description

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) process xenstore watch events on a single thread. If events arrive faster than that thread can handle them, they are queued, and because the queue is unbounded a guest may be able to drive the backend into an out-of-memory (OOM) condition. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
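The defect described above is the unbounded queue; the mitigation a backend needs is a bound on what any one guest can have pending, so that a flooding domain exhausts only its own budget while the handler thread drains events. The following is an added illustration in C and is not code from Xen, Linux, or this advisory: a toy event queue with a per-source quota. The quota constant MAX_PENDING_PER_SOURCE, the MAX_SOURCES limit, and the xenstore-like paths are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration (not Xen or Linux code): each event source
 * (guest domain) gets a quota of pending watch events. Events beyond the
 * quota are refused and counted instead of growing an unbounded queue. */

#define MAX_PENDING_PER_SOURCE 128   /* hypothetical per-domain quota */
#define MAX_SOURCES 4                /* hypothetical number of domains */

struct watch_event {
    unsigned int source;             /* which domain produced the event */
    char path[64];                   /* watched path (constructed values) */
    struct watch_event *next;
};

struct event_queue {
    struct watch_event *head, *tail;
    size_t pending[MAX_SOURCES];     /* per-source quota counters */
    size_t dropped[MAX_SOURCES];     /* events refused per source */
    size_t total;                    /* events currently queued */
};

void queue_init(struct event_queue *q) { memset(q, 0, sizeof *q); }

/* Producer side: returns 1 if queued, 0 if refused (over quota or OOM). */
int queue_event(struct event_queue *q, unsigned int source, const char *path)
{
    if (source >= MAX_SOURCES)
        return 0;
    if (q->pending[source] >= MAX_PENDING_PER_SOURCE) {
        q->dropped[source]++;        /* bounded: refuse, do not allocate */
        return 0;
    }
    struct watch_event *ev = calloc(1, sizeof *ev);
    if (!ev)
        return 0;
    ev->source = source;
    snprintf(ev->path, sizeof ev->path, "%s", path);
    if (q->tail)
        q->tail->next = ev;
    else
        q->head = ev;
    q->tail = ev;
    q->pending[source]++;
    q->total++;
    return 1;
}

/* Consumer side: dequeue one event and release its quota slot. */
int dequeue_event(struct event_queue *q, struct watch_event *out)
{
    struct watch_event *ev = q->head;
    if (!ev)
        return 0;
    q->head = ev->next;
    if (!q->head)
        q->tail = NULL;
    q->pending[ev->source]--;
    q->total--;
    *out = *ev;
    out->next = NULL;
    free(ev);
    return 1;
}

/* Simulate one source flooding while the handler thread is stalled;
 * returns the peak queue depth reached, which the quota caps. */
size_t simulate_flood(size_t n_events, unsigned int source)
{
    struct event_queue q;
    struct watch_event ev;
    queue_init(&q);
    for (size_t i = 0; i < n_events; i++)
        queue_event(&q, source, "/local/domain/1/device/vbd/51712/state");
    size_t peak = q.total;
    while (dequeue_event(&q, &ev)) { /* drain */ }
    return peak;
}

/* A well-behaved neighbour is still served while another source floods. */
int other_source_still_served(void)
{
    struct event_queue q;
    struct watch_event ev;
    queue_init(&q);
    for (int i = 0; i < 1000; i++)
        queue_event(&q, 1, "/local/domain/1/noisy");
    int ok = queue_event(&q, 2, "/local/domain/2/state");
    while (dequeue_event(&q, &ev)) { /* drain */ }
    return ok;
}

int main(void)
{
    printf("peak depth under flood of 100000 events: %zu (quota %d)\n",
           simulate_flood(100000, 1), MAX_PENDING_PER_SOURCE);
    printf("neighbour served during flood: %s\n",
           other_source_still_served() ? "yes" : "no");
    return 0;
}
```

With an unbounded queue the peak depth would equal the number of events sent and memory would grow until the backend hit OOM; with the quota, the flooding source is capped at its own budget and other domains' events still get through. Refusing an event once the quota is reached is a policy choice; a backend could instead stall the producer, but it must never allocate without limit on the guest's behalf.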

Severity
Medium
CVSS v3 Base Score
6.5

Affected Packages

Platform                          | Package | Release Date | Advisory
Amazon Linux 1                    | kernel  | 2021-01-26   | ALAS-2021-1477
Amazon Linux 2 - Core             | kernel  | 2021-01-26   | ALAS2-2021-1588
Amazon Linux 2 - Kernel-5.4 Extra | kernel  | 2022-01-28   | ALAS2KERNEL-5.4-2022-019

CVSS Scores

Score Type           | Score | Vector
Amazon Linux CVSSv2  | 4.9   | AV:L/AC:L/Au:N/C:N/I:N/A:C
Amazon Linux CVSSv3  | 6.5   | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
NVD CVSSv2           | 4.9   | AV:L/AC:L/Au:N/C:N/I:N/A:C
NVD CVSSv3           | 6.5   | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H