PT-2020-16117 · Xen+3
Julien Grall · Published 2020-09-23 · Updated 2024-06-15 · CVE-2020-25600
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Xen versions 4.4 through 4.14.x
Description
An issue in Xen allows out-of-bounds event channels to be available to 32-bit x86 domains. This is caused by a misbehavior in the recording of event channel limits during domain initialization. As a result, 32-bit domains may observe event channel allocations succeeding when they should fail, leading to potential corruption of the shared info structure. An unprivileged guest may cause another domain, including Domain 0, to misbehave, resulting in a Denial of Service (DoS) for the entire system.
Recommendations
For Xen versions 4.4 through 4.14.x, consider disabling the use of event channels for 32-bit x86 domains servicing other domains until a patch is available. Restrict access to the shared info structure to minimize the risk of corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Memory Corruption
Affected Products
Linuxmint
Suse
Ubuntu
Xen