PT-2020-16113 · Xen+3
Andrew Cooper · Published 2020-09-23 · Updated 2024-06-15 · CVE-2020-25596
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Xen versions 3.2 through 4.14.x
Description
An issue in Xen allows x86 PV guest kernels to be subjected to a denial of service via the SYSENTER instruction. SYSENTER leaves various state sanitization activities to software, and one of Xen's sanitization paths incorrectly delivers a #GP fault twice to the guest, so the guest kernel observes a kernel-privilege #GP fault, which is typically fatal. Malicious or buggy guest userspace can therefore crash the guest kernel, resulting in a VM denial of service. The issue is specific to x86 systems that support the SYSENTER instruction in 64-bit mode, which includes Intel, Centaur, and Shanghai CPUs, but excludes AMD and Hygon CPUs. Only x86 PV guests can exploit the vulnerability.
Recommendations
For Xen versions 3.2 through 4.14.x, consider disabling the SYSENTER instruction in 64-bit mode as a temporary workaround to reduce the risk of exploitation. Restrict access to the vulnerable x86 PV guests so that malicious or buggy userspace cannot crash the guest kernel.
Fix
DoS
Special Elements Injection
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Suse
Ubuntu
Xen