An issue exists in Xen up to and including 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |