Linux · Linux Kernel · CVE-2020-29569
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions through 5.10.1
Xen versions through 4.14.x
**Description**
An issue in the Linux kernel PV block backend may cause a pointer to be re-used after it has been freed. This occurs when the frontend toggles quickly between the connect and disconnect states and the kernel thread handler does not have time to reset `ring->xenblkd` to NULL. A misbehaving guest can trigger a dom0 crash by continuously connecting and disconnecting a block frontend; privilege escalation and information leaks are also potential outcomes. This issue affects systems with a Linux blkback.
**Recommendations**
For Linux kernel versions through 5.10.1, update to a version that includes the fix for this issue.
For Xen versions through 4.14.x, ensure that the Linux kernel providing the block backend (blkback) is updated to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the block backend to minimize the risk of exploitation.