CVE-2020-25601

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.14.x

Description An issue in Xen allows malicious or buggy guest kernels to mount a Denial of Service (DoS) attack affecting the entire system. The problem arises from a lack of preemption in evtchn reset() / evtchn destroy() functions, particularly in the FIFO event channel model. This model enables guests to have a large number of event channels active simultaneously. When closing all these channels, either during a reset or cleanup after a guest, the process may take an extended period. Without preemption at suitable intervals, a CPU can spend a significant amount of time processing these operations, potentially leading to a DoS attack.

Recommendations For Xen versions prior to 4.14.x, consider applying configuration changes to limit the number of event channels a guest can have active at a time to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.