UBUNTU-CVE-2020-29569

Advisory lineage Upstream: 1 Downstream: 4
Upstream
CVE-2020-29569
Published: 15 Dec 2020, 17:15
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
medium
35/100
CVSS Score
8.8 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Dec 2020, 17:15
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

CVSS Metrics

  • v3.1HIGHScore: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Systems

  • ubuntulinux

    < 4.4.0-204.236 | < 4.15.0-136.140 | < 5.4.0-66.74

  • ubuntulinux-aws

    < 4.4.0-1087.91 | < 4.4.0-1123.137 | < 4.15.0-1094.101 | < 5.4.0-1038.40

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-aws-5.4

    < 5.4.0-1038.40~18.04.1

  • ubuntulinux-aws-fips

    < 4.15.0-2037.39 | all | < 5.4.0-1069.73+fips2

  • ubuntulinux-aws-hwe

    < 4.15.0-1094.101~16.04.1

  • ubuntulinux-azure

    < 4.15.0-1108.120~14.04.1 | < 4.15.0-1108.120~16.04.1 | all | < 5.4.0-1040.42

  • ubuntulinux-azure-4.15

    < 4.15.0-1108.120

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-5.4

    < 5.4.0-1040.42~18.04.1

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fips

    < 4.15.0-2020.23 | all | < 5.4.0-1073.76+fips1

  • ubuntulinux-bluefield

    all

  • ubuntulinux-dell300x

    < 4.15.0-1012.16

  • ubuntulinux-fips

    < 4.4.0-1057.63 | all | < 4.15.0-1053.61

  • ubuntulinux-gcp

    < 4.15.0-1093.106~16.04.1 | all | < 5.4.0-1037.40

  • ubuntulinux-gcp-4.15

    < 4.15.0-1093.106

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-5.4

    < 5.4.0-1037.40~18.04.1

  • ubuntulinux-gcp-edge

    all

  • ubuntulinux-gcp-fips

    all | < 5.4.0-1067.71~20.04.1

  • ubuntulinux-gke

    < 5.4.0-1036.38

  • ubuntulinux-gke-4.15

    < 4.15.0-1079.84

  • ubuntulinux-gke-5.4

    < 5.4.0-1036.38~18.04.1

  • ubuntulinux-gkeop

    < 5.4.0-1010.11

  • ubuntulinux-gkeop-5.4

    < 5.4.0-1010.11~18.04.1

  • ubuntulinux-hwe

    < 4.15.0-136.140~16.04.1 | all

  • ubuntulinux-hwe-5.4

    < 5.4.0-66.74~18.04.2

  • ubuntulinux-hwe-5.8

    < 5.8.0-44.50~20.04.1

  • ubuntulinux-hwe-edge

    all | all

  • ubuntulinux-intel-iot-realtime

    all

  • ubuntulinux-kvm

    < 4.4.0-1089.98 | < 4.15.0-1085.87 | < 5.4.0-1033.34

  • ubuntulinux-lts-xenial

    < 4.4.0-204.236~14.04.1

  • ubuntulinux-nvidia

    all

  • ubuntulinux-oem

    all

  • ubuntulinux-oem-5.10

    < 5.10.0-1011.12

  • ubuntulinux-oem-5.6

    all

  • ubuntulinux-oracle

    < 4.15.0-1065.73~16.04.1 | < 4.15.0-1065.73 | < 5.4.0-1038.41

  • ubuntulinux-oracle-5.0

    all

  • ubuntulinux-oracle-5.3

    all

  • ubuntulinux-oracle-5.4

    < 5.4.0-1038.41~18.04.1

  • ubuntulinux-raspi

    < 5.4.0-1029.32

  • ubuntulinux-raspi-5.4

    < 5.4.0-1029.32~18.04.1

  • ubuntulinux-raspi-realtime

    all

  • ubuntulinux-raspi2

    < 4.4.0-1147.157 | < 4.15.0-1079.84 | all

  • ubuntulinux-realtime

    all

  • ubuntulinux-riscv

    all

  • ubuntulinux-riscv-5.8

    < 5.8.0-17.19~20.04.1

  • ubuntulinux-snapdragon

    < 4.4.0-1151.161 | < 4.15.0-1096.105

References (7)