ALPINE-CVE-2020-29568

ALPINE-CVE-2020-29568 PUBLISHED CVSS 6.5 MEDIUM

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.13	linux-lts	5.4.6-r0, 5.4.7-r0, 5.4.70-r0
Alpine:v3.21	xen	0, 0, 0
Alpine:v3.23	xen	0, 0, 0
Alpine:v3.16	xen	0, 0, 0
Alpine:v3.19	xen	0, 0, 0
Alpine:v3.22	linux-lts	5.4.50-r0, 5.4.54-r1, 5.4.57-r0
Alpine:v3.13	xen	0, 0, 0
Alpine:v3.23	linux-lts	5.10.2-r0, 0, 5.10.1-r1
Alpine:v3.14	linux-lts	0, 5.4.82-r0, 5.4.81-r0
Alpine:v3.16	linux-lts	5.4.12-r1, 0, 5.10.0-r0
Alpine:v3.17	xen	0, 0, 0
Alpine:v3.19	linux-lts	5.4.45-r0, 5.4.44-r0, 5.4.43-r1
Alpine:v3.21	linux-lts	5.4.31-r0, 5.4.82-r0, 5.4.81-r0
Alpine:v3.18	xen	0, 0, 0
Alpine:v3.22	xen	0, 0, 0
Alpine:v3.18	linux-lts	5.4.82-r0, 5.4.58-r0, 5.4.61-r1
Alpine:v3.14	xen	0, 0, 0
Alpine:v3.20	linux-lts	5.10.0-r0, 5.4.54-r1, 5.4.54-r2
Alpine:v3.17	linux-lts	5.4.51-r0, 5.4.27-r0, 5.4.25-r0
Alpine:v3.15	xen	0, 0, 0

…and 2 more

Timeline

Dec 15, 2020 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2020-29568 advisory

Open in Interactive Console →