CVE-2020-29567 : An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribu

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability.

Published 2020-12-15 17:15:15

Updated 2021-12-10 01:54:29

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-29567

XEN » XEN » For X86
Versions up to, including, (<=) 4.14.0
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-29567

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-29567

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.5	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-29567

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-29567

https://xenbits.xenproject.org/xsa/advisory-356.html

XSA-356 - Xen Security Advisories
Patch;Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/

[SECURITY] Fedora 33 Update: xen-4.14.0-14.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202107-30

Xen: Multiple vulnerabilities (GLSA 202107-30) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-29567

Products affected by CVE-2020-29567

Exploit prediction scoring system (EPSS) score for CVE-2020-29567

CVSS scores for CVE-2020-29567

CWE ids for CVE-2020-29567

References for CVE-2020-29567