CVE-2020-29570
First published: Tue Dec 15 2020(Updated: )
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/xen | 4.11.4+107-gef32c7afa2-1 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.1+2-gb773c48e36-1 4.17.2+55-g0b56bed864-1 | |
| Xen Xen | >=4.4.0<=4.14.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://xenbits.xen.org/xsa/advisory-358.html
- https://security-tracker.debian.org/tracker/CVE-2020-29570
- http://www.openwall.com/lists/oss-security/2020/12/16/4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
- https://security.gentoo.org/glsa/202107-30
- https://www.debian.org/security/2020/dsa-4812
- https://xenbits.xenproject.org/xsa/advisory-358.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/
Frequently Asked Questions
What is CVE-2020-29570?
CVE-2020-29570 is a vulnerability in Xen through 4.14.x that involves a reversed recording of the per-vCPU control block mapping.
What is the severity of CVE-2020-29570?
CVE-2020-29570 has a severity rating of 6.2 (Medium).
Which software versions are affected by CVE-2020-29570?
The affected software versions include Debian Xen, Debian Debian Linux 10.0, Fedoraproject Fedora 32, and Fedoraproject Fedora 33.
How can a malicious or buggy guest kernel exploit CVE-2020-29570?
A malicious or buggy guest kernel can exploit CVE-2020-29570 by assuming the control block pointers are ready for use when seeing the per-vCPU control block mapping initialized.
Where can I find more information about CVE-2020-29570?
You can find more information about CVE-2020-29570 at the following references: [link1], [link2], [link3].
- collector/security-tracker-debian
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/xen
- canonical/xen xen
- version/xen xen/4.4.0
- version/xen xen/4.14.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33