FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Xen guests can triger backend Out Of Memory

Affected packages
12.2 <= FreeBSD-kernel < 12.2_3
12.1 <= FreeBSD-kernel < 12.1_13
11.4 <= FreeBSD-kernel < 11.4_7

Details

VuXML ID 5d91370b-61fd-11eb-b87a-901b0ef719ab
Discovery 2021-01-29
Entry 2021-01-29

Problem Description:

Some OSes (including Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued.

As the queue is unbound, a guest may be able to trigger a OOM in the backend.

References

CVE Name CVE-2020-29568
FreeBSD Advisory SA-21:02.xenoom