|Description||An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.|
|Source||CVE|
|References||DLA-2557-1, DLA-2586-1, DSA-4843-1|
Vulnerable and fixed packages
The table below lists information on source packages.
|Source Package||Release||Version||Status|
| ||bookworm, sid, bullseye||5.10.46-4||fixed|
|linux-4.19 (PTS)||stretch (security)||4.19.194-3~deb9u1||fixed|
The information below is based on the following data on fixed versions.