<p>Upgrade <code>Alpine:3.15</code> <code>xen</code> to version 4.14.1-r0 or higher.</p>

Allocation of Resources Without Limits or Throttling Affecting xen package, versions <4.14.1-r0

Snyk CVSS

Attack Complexity Low

Availability High

Threat Intelligence

EPSS 0.08% (34^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-ALPINE315-XEN-1929275
published 2 Feb 2021
disclosed 15 Dec 2020

Report a new vulnerability Found a mistake?

Introduced: 15 Dec 2020

CVE-2020-29567 Open this link in a new tab CWE-770 Open this link in a new tab

How to fix?

Upgrade Alpine:3.15 xen to version 4.14.1-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xen package and not the xen package as distributed by Alpine. See How to fix? for Alpine:3.15 relevant fixed versions and status.

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability.