PT-2020-14497 · Intel+3 · Xen+3

Jan Beulich · Published 2020-07-07 · Updated 2024-06-15 · CVE-2020-15567

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.14

Description: An issue was discovered in Xen, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging are vulnerable. Only HVM and PVH guests can exploit the vulnerability.
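
The bug class described above, as an added example that is not Xen's code: a single-threaded C model that records every value a live entry holds while it is updated field by field, compared with building the entry locally and publishing it with one 64-bit store. The `pte_t` layout, the helper names and the sample frame numbers are hypothetical and constructed for illustration.

```c
#include <stdatomic.h>
#include <stdint.h>

/* Hypothetical, simplified 64-bit entry layout; not Xen's real structure. */
typedef union {
    struct { uint64_t r:1, w:1, x:1, emt:3, rsvd:6, mfn:40, avail:12; };
    uint64_t raw;
} pte_t;

static uint64_t seen[4];   /* values a concurrent hardware walk could have read */
static int nseen;
static void observe(uint64_t raw) { if (nseen < 4) seen[nseen++] = raw; }

static pte_t mk(uint64_t mfn, unsigned emt, unsigned r, unsigned w, unsigned x)
{
    pte_t e = { .raw = 0 };
    e.mfn = mfn; e.emt = emt; e.r = r; e.w = w; e.x = x;
    return e;
}

/* Count observed values that match neither the old nor the intended entry. */
static int torn(pte_t old, pte_t want)
{
    int n = 0;
    for (int i = 0; i < nseen; i++)
        n += seen[i] != old.raw && seen[i] != want.raw;
    return n;
}

/* Unsafe pattern: every bitfield write is a separate update of the live entry. */
int torn_fieldwise(void)
{
    pte_t old = mk(0x1000, 6, 1, 1, 1), want = mk(0x2000, 0, 1, 0, 1), live = old;
    nseen = 0;
    live.mfn = want.mfn; observe(live.raw);   /* new frame, old type and permissions */
    live.emt = want.emt; observe(live.raw);   /* new frame, still writable */
    live.r = want.r; live.w = want.w; live.x = want.x; observe(live.raw);
    return torn(old, want);
}

/* Safe pattern: build the entry locally, publish it with one 64-bit store. */
int torn_atomic(void)
{
    pte_t old = mk(0x1000, 6, 1, 1, 1), want = mk(0x2000, 0, 1, 0, 1);
    _Atomic uint64_t live = old.raw;
    nseen = 0;
    observe(atomic_load(&live));
    atomic_store(&live, want.raw);
    observe(atomic_load(&live));
    return torn(old, want);
}
```

In the field-wise version two of the three recorded states are entries nobody intended to install, including one that pairs the new frame with the old write permission; whether a real build emits separate stores like this depends on the compiler and optimisation flags, which is why the description ties exposure to them.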

Recommendations: For Xen versions prior to 4.14, as a temporary workaround, consider disabling the use of nested paging until a patch is available. Restrict access to the vulnerable EPT tables to minimize the risk of exploitation. Avoid using the vulnerable code paths in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2020-15567
DSA-4723-1
OPENSUSE-SU-2020:0965-1
OPENSUSE-SU-2020:0985-1
OPENSUSE-SU-2020_0965-1
OPENSUSE-SU-2020_0985-1
OPENSUSE-SU-2024:11520-1
SUSE-SU-2020:14521-1
SUSE-SU-2020:1886-1
SUSE-SU-2020:1887-1
SUSE-SU-2020:1888-1
SUSE-SU-2020:1889-1
SUSE-SU-2020:1891-1
SUSE-SU-2020:1902-1
SUSE-SU-2020:2822-1
USN-5617-1

Affected Products

Linuxmint
Suse
Ubuntu
Xen