SB2020122331 - Allocation of Resources Without Limits or Throttling in xen (Alpine package)
Published: December 23, 2020
Security Bulletin ID
SB2020122331
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2020-29570)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.
Remediation
Install update from vendor's website.