Uncontrolled Recursion in xen (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-29566 |
| CWE-ID | CWE-674 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
IBM Systems Director Server applications / Other server solutions xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor |
IBM Corporation Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Uncontrolled Recursion
EUVDB-ID: #VU49137
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-29566
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Systems Director: 6.3.2.2
xen (Alpine package): 1.42
xen (Alpine package): 1.1.7-0ubuntu1 - 1.2.3-0ubuntu2.7
xen (Alpine package): 3.0.8-1 - 3.0.13-1
xen (Alpine package): 2:1.3.2-2ubuntu0.1
xen (Alpine package): 1:6.2.3-5
xen (Alpine package): 0.11-4
xen (Alpine package): 3.2.21-1
xen (Alpine package): 1.88-1
xen (Alpine package): 0.2.3.2-1
xen (Alpine package): 0.101 - 0.102ubuntu1
xen (Alpine package): 0.1.0-0ubuntu1 - 0.1.5-0ubuntu1
xen (Alpine package): 3.1-1 - 3.1-2
xen (Alpine package): 1.3.1-1 - 1.3.1-2
xen (Alpine package): 3.1-1
xen (Alpine package): 0.18.1.1-9ubuntu1
xen (Alpine package): 4.63-15
xen (Alpine package): 3.1.6.1-1
xen (Alpine package): 2.55-2 - 2.72-1
xen (Alpine package): 2.2.0.3-2ubuntu5
xen (Alpine package): 3.5.11.2003.06.04-3
xen (Alpine package): 5.4-2ubuntu1
xen (Alpine package): 5.4b-1
xen (Alpine package): 0.15
xen (Alpine package): 0.18ubuntu0.2 - 0.32
xen (Alpine package): 0.3.6.0amd12 - 1.12.9
xen (Alpine package): 1.9.9-3 - 1.9.10-1
xen (Alpine package): 0.48-4
xen (Alpine package): 0.9b-20040421-1 - 1.1-20120215-2
xen (Alpine package): 0.16 - 0.35
xen (Alpine package): 0.2 - 0.9
xen (Alpine package): 0.4
xen (Alpine package): 2.5.3 - 2.17.5ubuntu1
xen (Alpine package): 3.4.0-1
xen (Alpine package): 0.14-1 - 0.15-2
xen (Alpine package): 2014.1-3
xen (Alpine package): 24.0-0ubuntu1
xen (Alpine package): 0.5.2-0ubuntu1 - 1.2.5ubuntu1daily13.06.14-0ubuntu1
xen (Alpine package): 3.0-0ubuntu1
xen (Alpine package): 1.5.2 - 1.6.2
xen (Alpine package): 0.1.8 - 1.0.75
xen (Alpine package): 1.20.0 - 2.18.2
xen (Alpine package): 20081029ubuntu63 - 20101020ubuntu468
xen (Alpine package): 0.74 - 9.20160115
xen (Alpine package): 0.2.12 - 1.5.49
xen (Alpine package): 1.8.8-2ubuntu1
xen (Alpine package): 0.2.8-8 - 0.2.11-1
xen (Alpine package): 0.3 - 1.8.42
xen (Alpine package): 5.3.28-3 - 5.3.28-4
xen (Alpine package): 1.5
xen (Alpine package): 0.4.5 - 0.5.8-2.2
xen (Alpine package): 0.2.11-1build1
xen (Alpine package): 0.63
xen (Alpine package): 0.3.1-0ubuntu1 - 0.10.0-3
xen (Alpine package): 0.13-1 - 0.22.1-2
xen (Alpine package): 2.1.0-2 - 2.1.26.dfsg1-14
xen (Alpine package): 0.5.16-3.5ubuntu1 - 0.5.17-6
xen (Alpine package): 1.3-1 - 1.3-3
xen (Alpine package): 5.11-1 - 7.35.0-1
xen (Alpine package): 1.3.9-17 - 2.0.3-2
xen (Alpine package): 0.1.2-1 - 0.2.6-1ubuntu1
xen (Alpine package): 1.0.47-2 - 1.0.64-0ubuntu1
xen (Alpine package): 2.1-3-dfsg-1 - 2.1-3-dfsg-2
xen (Alpine package): 0.100-3
xen (Alpine package): 2:1.0.6-2ubuntu7 - 2:1.6.4-1
xen (Alpine package): 0.8 - 9ubuntu2
xen (Alpine package): 3.0pl1-50 - 3.0pl1-119
xen (Alpine package): 1.0.0-0ubuntu1 - 1.0.0-0ubuntu2
xen (Alpine package): expression - 7.1.1-1
xen (Alpine package): 2.8.13-7 - 2.8.13-10
xen (Alpine package): 2.4.2-16 - 2.7-1
xen (Alpine package): 0.92-0ubuntu3 - 0.98-1
xen (Alpine package): 4.5.7-1 - 8.20-3ubuntu4
xen (Alpine package): 0.2.10-3 - 0.4.6-3
xen (Alpine package): 1.5 - 1.141
xen (Alpine package): 1:0.8.6-0ubuntu4 - 1:0.9.7.6-0ubuntu2
xen (Alpine package): 0.3ubuntu7 - 0.3ubuntu15.2
xen (Alpine package): 1.2.12-1ubuntu1 - 1.2.12-1
xen (Alpine package): 0.7-svn20050721 - 1.4.29-1
xen (Alpine package): 2.8.12.1-1.6 - 3.9.0-1
xen (Alpine package): 1.0.5-2 - 1.0.8-3
xen (Alpine package): 0.25-0ubuntu1 - 0.25-0ubuntu3
xen (Alpine package): 0.9-0ubuntu1 - 0.12-0ubuntu1
xen (Alpine package): 1.4.4
xen (Alpine package): 2.2.15-1
xen (Alpine package): 1.4.2
xen (Alpine package): 4.8.9
xen (Alpine package): 3.0.4
xen (Alpine package): 2.1.0
xen (Alpine package): 1.4.17
xen (Alpine package): 2.2.0b2
xen (Alpine package): r12.0 nil
xen (Alpine package): 3.0
xen (Alpine package):
xen (Alpine package): before 4.14.1-r0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_systems_director:6.3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.42:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.1.7-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.2.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.2.1-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0.8-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0.13-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2:1.3.2-2ubuntu0.1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1:6.2.3-5:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.11-4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.2.21-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.88-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2.3.2-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.101:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.1.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.1-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.3.1-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.1-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.18.1.1-9ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:4.63-15:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.1.6.1-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.55-2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.2.0.3-2ubuntu5:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.5.11.2003.06.04-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:5.4-2ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:5.4b-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.15:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.18ubuntu0.2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.3.6.0amd12:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.9.9-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.48-4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.9b-20040421-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.16:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.5.3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.4.0-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.14-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2014.1-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:24.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.5.2-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.5.2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.1.8:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.20.0:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:20081029ubuntu63:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.74:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2.12:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.8.8-2ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2.8-8:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:5.3.28-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.5:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.4.5:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2.11-1build1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.63:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.3.1-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.13-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.1.0-2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.5.16-3.5ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.3-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:5.11-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.3.9-17:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.1.2-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.0.47-2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.1-3-dfsg-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.100-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2:1.0.6-2ubuntu7:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.8:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0pl1-50:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.0.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:expression:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.8.13-7:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.4.2-16:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.92-0ubuntu3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:4.5.7-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.2.10-3:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.5:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1:0.8.6-0ubuntu4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.3ubuntu7:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.2.12-1ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.7-svn20050721:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.8.12.1-1.6:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.0.5-2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.25-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:0.9-0ubuntu1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.4.4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.2.15-1:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.4.2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:4.8.9:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0.4:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.1.0:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:1.4.17:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:2.2.0b2:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:3.0:*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package::*:*:*:*:alpine_linux:*:*
- cpe:2.3:o:alpine:xen_alpine_package:*:*:*:*:*:alpine_linux:*:3.12
https://git.alpinelinux.org/aports/commit/?id=1f5fe5eb0e0bb4588f6b1b8b4e1563293acbb087
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
