[XSA-349] Frontends can trigger OOM in Backends by update a watched path
Severity: Medium
Affected Packages: 1
CVEs: 1
ISSUE DESCRIPTION
Some OSes (such as Linux, FreeBSD, NetBSD) process watch events
using a single thread. If events are received faster than the thread
is able to handle them, they are queued.
As the queue is unbounded, a guest may be able to trigger an OOM in
the backend.
IMPACT
A malicious guest can trigger an OOM in backends.
VULNERABLE SYSTEMS
All systems with a FreeBSD, Linux, or NetBSD dom0 are vulnerable.
All versions of those OSes are vulnerable.
Package | Affected Version |
---|---|
pkg:generic/xen |
- ID: XSA-349
- Severity: medium
- Severity from: CVE-2020-29568
- URL: http://xenbits.xen.org/xsa/advisory-349.html
- Published: 2020-12-15T12:00:00 (3 years ago)
- Modified: 2020-12-15T12:00:00 (3 years ago)
- Rights: Xen Project
- Other Advisories:
- ALAS-2021-1477
- ALAS2-2021-1588
- ALPINE:CVE-2020-29568
- DSA-4843-1
- ELSA-2021-9005
- ELSA-2021-9006
- ELSA-2021-9007
- ELSA-2021-9008
- ELSA-2021-9009
- ELSA-2021-9023
- ELSA-2021-9024
- ELSA-2021-9025
- ELSA-2021-9030
- ELSA-2021-9037
- ELSA-2021-9038
- FREEBSD:5D91370B-61FD-11EB-B87A-901B0EF719AB
- GLSA-202107-30
- openSUSE-SU-2021:0075-1
- openSUSE-SU-2021:0241-1
- SUSE-SU-2021:0347-1
- SUSE-SU-2021:0348-1
- SUSE-SU-2021:0353-1
- SUSE-SU-2021:0354-1
- SUSE-SU-2021:0427-1
- SUSE-SU-2021:0433-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- SUSE-SU-2021:0532-1
- USN-4748-1
- USN-4749-1
- USN-4750-1
- USN-4751-1
Source | # ID | Name | URL |
---|---|---|---|
Xen Project | XSA-349 | Security Advisory | http://xenbits.xen.org/xsa/advisory-349.html |
Xen Project | XSA-349 | Signed Security Advisory | http://xenbits.xen.org/xsa/advisory-349.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:generic/xen | xen |