{
  "id": "CVE-2020-29567",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-12-15T17:15:14.597",
  "lastModified": "2024-11-21T05:24:13.100",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Xen versiones 4.14.x.&#xa0;Al mover IRQ entre los CPU para distribuir la carga de manejo de IRQ, los vectores IRQ se asignan y desasignan din\u00e1micamente en las CPU relevantes.&#xa0;La desasignaci\u00f3n tiene que ocurrir cuando se cumplen ciertas restricciones.&#xa0;Si estas condiciones no se cumplen cuando se comprueba por primera vez, la CPU de comprobaci\u00f3n  puede enviarse una interrupci\u00f3n a s\u00ed misma, con la expectativa de que esta IRQ se entregar\u00e1 solo despu\u00e9s de que la condici\u00f3n que impide la limpieza haya desaparecido.&#xa0;Para dos vectores IRQ espec\u00edficos, esta expectativa se viol\u00f3, resultando en un flujo continuo de interrupciones autom\u00e1ticas, lo que hace que la CPU sea efectivamente inutilizable.&#xa0;Un dominio con un dispositivo PCI pasado puede causar el bloqueo de una CPU f\u00edsica, lo que resulta en una denegaci\u00f3n de servicio (DoS) para todo el host.&#xa0;Solo los Sistemas x86 son vulnerables.&#xa0;Los Sistemas Arm no son vulnerables. Solo los invitados con PCI f\u00edsica pasados a trav\u00e9s de ellos"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "baseScore": 4.9,
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
              "versionEndIncluding": "4.14.0",
              "matchCriteriaId": "5BCCA6BA-E5A5-4C9E-828A-790663E0A79D"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://security.gentoo.org/glsa/202107-30",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://xenbits.xenproject.org/xsa/advisory-356.html",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://security.gentoo.org/glsa/202107-30",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://xenbits.xenproject.org/xsa/advisory-356.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}