How severe is CVE-2020-29486?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2020-29486?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2020-29486

MEDIUM Year: 2020

CVSS v3 Score

6.0

Medium

CVSS v2 Score

4.9

Medium

Weakness Type

CWE-770

View all →

Vulnerability Description

An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.

CVE-2016-8576

MEDIUM

CVSS:6.0(Medium)

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging fa...

CWE-7702016

CVE-2023-52529

MEDIUM

CVSS:6.0(Medium)

In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() sh...

CWE-7702023

CVE-2024-26894

MEDIUM

CVSS:6.0(Medium)

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated ...

CWE-7702024

CVE-2017-12132

MEDIUM

CVSS:5.9(Medium)

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path ...

CWE-7702017

CVE-2018-10237

MEDIUM

CVSS:5.9(Medium)

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize att...

CWE-7702018

CVE-2019-12940

MEDIUM

CVSS:5.9(Medium)

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.

CWE-7702019

CVE-2020-29486

Vulnerability Description

Related Vulnerabilities

CVE-2016-8576

CVE-2023-52529

CVE-2024-26894

CVE-2017-12132

CVE-2018-10237

CVE-2019-12940