Unrated severityNVD Advisory· Published Dec 15, 2020· Updated Aug 4, 2024
CVE-2020-29570
CVE-2020-29570
Description
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31- Xen/Xendescription
- osv-coords29 versionspkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xen&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 4.12.4_06-lp151.2.36.1+ 28 more
- (no CPE)range: < 4.12.4_06-lp151.2.36.1
- (no CPE)range: < 4.13.2_06-lp152.2.21.1
- (no CPE)range: < 4.15.1_01-1.2
- (no CPE)range: < 4.9.4_16-3.80.1
- (no CPE)range: < 4.9.4_16-3.80.1
- (no CPE)range: < 4.10.4_24-3.53.1
- (no CPE)range: < 4.10.4_24-3.53.1
- (no CPE)range: < 4.12.4_06-3.40.1
- (no CPE)range: < 4.13.2_06-3.22.1
- (no CPE)range: < 4.12.4_06-3.40.1
- (no CPE)range: < 4.13.2_06-3.22.1
- (no CPE)range: < 4.4.4_48-61.61.1
- (no CPE)range: < 4.7.6_14-43.73.1
- (no CPE)range: < 4.7.6_14-43.73.1
- (no CPE)range: < 4.9.4_16-3.80.1
- (no CPE)range: < 4.9.4_16-3.80.1
- (no CPE)range: < 4.11.4_16-2.48.1
- (no CPE)range: < 4.12.4_06-3.36.1
- (no CPE)range: < 4.7.6_14-43.73.1
- (no CPE)range: < 4.9.4_16-3.80.1
- (no CPE)range: < 4.11.4_16-2.48.1
- (no CPE)range: < 4.12.4_06-3.36.1
- (no CPE)range: < 4.10.4_24-3.53.1
- (no CPE)range: < 4.12.4_06-3.36.1
- (no CPE)range: < 4.7.6_14-43.73.1
- (no CPE)range: < 4.9.4_16-3.80.1
- (no CPE)range: < 4.11.4_16-2.48.1
- (no CPE)range: < 4.9.4_16-3.80.1
- (no CPE)range: < 4.11.4_16-2.48.1
Patches
Vulnerability mechanics
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202107-30mitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2020/dsa-4812mitrevendor-advisoryx_refsource_DEBIAN
- www.openwall.com/lists/oss-security/2020/12/16/4mitremailing-listx_refsource_MLIST
- xenbits.xenproject.org/xsa/advisory-358.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.