CVE-2020-25601Uncontrolled Resource Consumption in XEN

CWE-400Uncontrolled Resource Consumption9 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 77.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedSep 23
Latest updateSep 19

Description

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the pro

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianxen/xen< 4.14.0+80-gd101b417b7-1+3
NVDxen/xen4.14.0
NVDopensuse/leap15.2

Also affects: Debian Linux 10.0, Fedora 31, 32, 33

🔴Vulnerability Details

3
GHSA
GHSA-wp5g-hhm3-443g: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2020-25601: An issue was discovered in Xen through 42020-09-23
CVEList
CVE-2020-25601: An issue was discovered in Xen through 42020-09-23

📋Vendor Advisories

3
Ubuntu
Xen vulnerabilities2022-09-19
Red Hat
xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344)2020-09-22
Debian
CVE-2020-25601: xen - An issue was discovered in Xen through 4.14.x. There is a lack of preemption in ...2020

💬Community

2
Bugzilla
CVE-2020-25601 xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344) [fedora-all]2020-09-22
Bugzilla
CVE-2020-25601 xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344)2020-09-09
CVE-2020-25601 — Uncontrolled Resource Consumption | cvebase