Denial of Service Vulnerability in Xen XAPI Toolstack by Xen Project
CVE-2020-29487

7.5HIGH

Key Information:

Status
Vendor
CVE Published:
15 December 2020

What is CVE-2020-29487?

A vulnerability in the Xen XAPI toolstack prior to December 15, 2020, allows a malicious guest to manipulate certain xenstore keys, leading to significant performance degradation. The watching logic in xenopsd could trigger extensive RPC updates, causing an exponential increase in resource consumption. With inadequate quotas in the xenopsd system and a substantial allowed memory usage, an attacker can exploit this vulnerability to monopolize memory in dom0, resulting in a denial of service for the host. This flaw can severely impact system stability, potentially leading to thrashing against swap space or complete out-of-memory conditions.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.