PT-2020-14495 · Xen+3
Roger Pau Monné · Published 2020-07-07 · Updated 2024-06-15 · CVE-2020-15565
CVSS v3.1: 8.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Xen versions prior to 4.13.x
Description
The issue allows x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes and privilege escalation cannot be ruled out. Only x86 Intel systems are affected, and only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability.
Recommendations
For Xen versions prior to 4.13.x, consider disabling the use of hardware assisted paging (HAP) or restricting the use of page table sharing as a temporary workaround until a patch is available. Additionally, restrict access to passed through PCI devices to minimize the risk of exploitation.
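The description names four preconditions that must all hold for a guest to be able to leverage the issue: an x86 HVM guest, HAP in use, a passed-through PCI device, and page table sharing enabled. The following is an added example, not part of the advisory or of Xen's code, that checks xl guest configuration text against those conditions so that exposed guests can be prioritised for the workarounds above. It assumes an Intel VT-d host, uses constructed sample configs, and takes the host-wide sharing state as a parameter because that is a hypervisor boot setting (Xen's `iommu=no-sharept` command-line option), not a per-guest one.

```python
import re

# Constructed xl.cfg samples for illustration (not taken from the advisory).
SAMPLES = {
    "hvm-passthrough": 'type = "hvm"\nmemory = 4096\npci = [ "0000:03:00.0" ]\n',
    "hvm-multiline": 'type = "hvm"\nhap = 1\npci = [\n  "0000:06:00.0",  # NIC\n]\n',
    "hvm-shadow": 'builder = "hvm"\nhap = 0\npci = [ "0000:04:00.0" ]\n',
    "hvm-no-pci": 'type = "hvm"\nhap = 1\n',
    "pv-passthrough": 'type = "pv"\npci = [ "0000:05:00.0" ]\n',
}

def _value(text, key, default):
    """Last uncommented `key = value` in xl.cfg text; list values may span lines."""
    body = re.sub(r"#.*", "", text)
    pattern = rf"^[ \t]*{key}[ \t]*=[ \t]*(\[.*?\]|[^\n]+)"
    hits = re.findall(pattern, body, re.S | re.M)
    return hits[-1].strip().strip("\"'") if hits else default

def exposure_conditions(cfg_text, host_shares_pt=True):
    """Evaluate each precondition from the description for one guest config.

    host_shares_pt is an assumption supplied by the caller: False when the
    hypervisor was booted with iommu=no-sharept.
    """
    # xl treats a guest as PV unless type (or the older builder key) says hvm.
    gtype = _value(cfg_text, "type", _value(cfg_text, "builder", "pv"))
    pci = _value(cfg_text, "pci", "")
    return {
        "x86 HVM guest": gtype == "hvm",
        # HAP is on by default for HVM guests; only an explicit 0 selects shadow paging.
        "HAP in use": _value(cfg_text, "hap", "1") != "0",
        "PCI device passed through": bool(
            re.search(r"[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7*]", pci)),
        "IOMMU/CPU page tables shared": host_shares_pt,
    }

def is_exposed(cfg_text, host_shares_pt=True):
    """True only when every precondition holds."""
    return all(exposure_conditions(cfg_text, host_shares_pt).values())

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        conds = exposure_conditions(text)
        missing = [c for c, ok in conds.items() if not ok]
        status = "EXPOSED" if not missing else "not exposed (" + "; ".join(missing) + ": no)"
        print(f"{name:16} {status}")
```

A config-file check does not see devices hot-plugged with `xl pci-attach` after the guest started, so treat a "not exposed" result for a running guest as provisional.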
Fix
DoS
Resource Exhaustion
Affected Products
Linuxmint
Suse
Ubuntu
Xen