CVE-2020-15566

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.14

Description A problem was discovered in Xen that allows guest OS users to cause a host OS crash due to incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons, including the port being already in use, memory allocation failure, or the port being higher than what is supported by the ABI used by the guest or the limit set by an administrator. Due to missing error checks, only the port being already in use will be considered an error, while other cases will provide a valid port and result in a crash when trying to access the event channel. When the administrator configures a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. All architectures are affected.

Recommendations To resolve the issue, update to a version of Xen that is 4.14 or later. As a temporary workaround, consider restricting the number of event channels allowed for each guest to 1023 or fewer to minimize the risk of exploitation. Restrict access to the event-channel allocation functionality to prevent guests from allocating excessive event channels. Configure the max event channels setting in the xl configuration to limit the number of event channels that can be allocated by guests.