
Jinoh Kang

Researcher from Theori
#50302 of 53,633
4.7 Total CVSS
Vulnerabilities · 1
PT-2020-4726
4.7
2020-10-20
Linux · Linux Kernel · CVE-2020-27675
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 5.9.1
Xen versions prior to 4.14.x

Description:
An issue in the Linux kernel and Xen allows event-channel removal during the event-handling loop, causing a race condition. This can lead to a use-after-free or NULL pointer dereference, potentially resulting in a denial of service, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device.

Recommendations:
For Linux kernel versions prior to 5.9.1, update to version 5.9.1 or later to resolve the issue.
For Xen versions prior to 4.14.x, update to version 4.14.x or later to resolve the issue.
As a temporary workaround, consider restricting access to the `events_base.c` component in the Xen driver to minimize the risk of exploitation.