An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 9.0 | |
debian_linux | eq | 10.0 | |
xen | le | 4.14.1 |