ALPINE-CVE-2020-29570

ALPINE-CVE-2020-29570 PUBLISHED CVSS 6.199999809265137 MEDIUM

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.13	xen	4.1.2-r9, 4.11.1-r1, 4.12.0-r1
Alpine:v3.12	xen	4.12.0-r0, 4.11.1-r1, 4.11.1-r0
Alpine:v3.23	xen	4.7.1-r5, 4.9.1-r3, 4.9.1-r2
Alpine:v3.15	xen	4.7.0-r3, 4.9.1-r3, 4.9.1-r2
Alpine:v3.21	xen	4.4.1-r3, 4.4.1-r1, 4.4.1-r0
Alpine:v3.16	xen	4.13.0-r2, 0, 4.0.1-r0
Alpine:v3.18	xen	4.4.1-r3, 4.7.0-r4, 4.7.0-r5
Alpine:v3.11	xen	4.2.1-r0, 4.3.0-r4, 4.11.1-r1
Alpine:v3.19	xen	4.7.0-r3, 4.7.0-r2, 4.7.0-r1
Alpine:v3.20	xen	4.4.1-r8, 0, 4.7.0-r3
Alpine:v3.22	xen	4.4.1-r3, 4.9.1-r2, 4.9.1-r1
Alpine:v3.17	xen	4.7.1-r4, 4.7.0-r4, 4.7.0-r5
Alpine:v3.14	xen	4.9.1-r3, 4.9.1-r2, 4.9.1-r1

Timeline

Dec 15, 2020 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2020-29570 advisory

Open in Interactive Console →