CVE-2020-29485

Published: 15/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

An issue exists in Xen 4.6 up to and including 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the OCaml Xenstored implementation are vulnerable. Systems using the C Xenstored implementation are not vulnerable.

Vulnerable Product

xen xen

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

Multiple vulnerabilities have been discovered in the Xen hypervisor: Several security issues affecting Xenstore could result in cross domain access (denial of service, information leaks or privilege escalation) or denial of service against xenstored. Additional vulnerabilities could result in guest-to-host denial of service. For the stable distribu ...
Description of Problem: Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to compromise the host or cause a denial of service. These vulnerabilities have the following identifiers (table columns: CVE ID, Description, Vulnerability Type, Pre-conditions): CVE-2020-29479: An attacker with the ability to ...