CVE-2020-25601

An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchnreset() / evtchndestroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.

References

Affected packages

Git / github.com/sleuthkit/sleuthkit

Affected ranges

Type: GIT
Repo: https://github.com/sleuthkit/sleuthkit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c6efd66293546b9c95637be703c7c7823e950629

Affected versions

Other

VisualStudio_2010

ct-3.*

ct-3.10.0

ct-3.11.0

ct-3.12.0

ct-3.13.0

ct-3.5.0

ct-3.6.0

ct-3.8.0

ct-3.9.0

sleuthkit-4.*

sleuthkit-4.0.0

sleuthkit-4.0.0b1

sleuthkit-4.0.1

sleuthkit-4.0.2

sleuthkit-4.1.0

sleuthkit-4.1.1

sleuthkit-4.1.2

sleuthkit-4.1.3

sleuthkit-4.10.0

sleuthkit-4.10.1

sleuthkit-4.10.2

sleuthkit-4.11.0

sleuthkit-4.11.1

sleuthkit-4.12.0

sleuthkit-4.12.1

sleuthkit-4.14.0

sleuthkit-4.2.0

sleuthkit-4.3.1

sleuthkit-4.4.0

sleuthkit-4.4.1

sleuthkit-4.4.2

sleuthkit-4.5.0

sleuthkit-4.6.0

sleuthkit-4.6.1

sleuthkit-4.6.2

sleuthkit-4.6.3

sleuthkit-4.6.4

sleuthkit-4.6.5

sleuthkit-4.6.6

sleuthkit-4.6.7

sleuthkit-4.7.0

sleuthkit-4.8.0

sleuthkit-4.8.0-fixed

sleuthkit-4.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25601.json"