CVE-2020-29566Uncontrolled Recursion in XEN

CWE-674Uncontrolled Recursion4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 78.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedDec 15
Latest updateMay 24

Description

An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur befo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/xen< xen 4.14.0+88-g1d1d1f5391-1 (bookworm)
Debianxen/xen< 4.14.0+88-g1d1d1f5391-1+3
NVDxen/xen4.14.0

Also affects: Debian Linux 10.0, Fedora 32, 33

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

2
GHSA
GHSA-mr64-xwwr-mx4c: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2020-29566: An issue was discovered in Xen through 42020-12-15

📋Vendor Advisories

1
Debian
CVE-2020-29566: xen - An issue was discovered in Xen through 4.14.x. When they require assistance from...2020