CVE-2020-25595

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.14.x

Description An issue in the PCI passthrough code improperly uses register data, allowing a not fully trusted guest to potentially crash the system, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. The issue is related to code paths in Xen's MSI handling that act on unsanitized values read back from device hardware registers. This can be exploited by guests with passed through PCI devices, especially those with out-of-spec "backdoor" operations.

Recommendations For Xen versions prior to 4.14.x, consider disabling PCI passthrough for untrusted guests as a temporary workaround to minimize the risk of exploitation. Restrict access to devices with out-of-spec functionality to prevent potential issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.