PT-2020-5284 · Linux+6 · Linux Kernel+6
Olivier Benjamin
+1
Published: 2020-12-14 · Updated: 2023-01-19
CVE-2020-29569
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 5.10.1
Xen versions through 4.14.x
Description
An issue in the Linux kernel PV block backend may cause a pointer to be re-used after it was freed. This occurs when the kernel thread handler does not have time to reset ring->xenblkd to NULL if the frontend quickly toggles between connect and disconnect states. A misbehaving guest can trigger a dom0 crash by continuously connecting/disconnecting a block frontend, potentially leading to privilege escalation and information leaks. This issue affects systems with a Linux blkback.
Recommendations
For Linux kernel versions through 5.10.1, update to a version that includes the fix for this issue.
For Xen versions through 4.14.x, ensure that the Linux kernel used is updated to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the block backend to minimize the risk of exploitation.
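The stale-pointer condition from the Description, as an added C model that is not code from the kernel, Xen, or this advisory. `struct task`, `stop_task`, `disconnect`, `run_scenario` and the `clear_in_caller` switch are hypothetical names, and the hardened variant is an assumed mitigation pattern (the disconnect path clears the pointer itself), not a statement of the upstream patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for a kernel thread. 'freed' marks the object instead of really
 * freeing it, so the model detects stale use without undefined behaviour. */
struct task { bool freed; };
struct ring { struct task *xenblkd; };
static int stale_uses;                 /* stops issued against a freed task */

/* Thread handler exit path: resets the ring pointer, but only if it runs. */
static void thread_exit_path(struct ring *r) { r->xenblkd = NULL; }

/* Stopping a thread releases its task object afterwards. */
static void stop_task(struct ring *r, struct task *t, bool thread_ran)
{
    if (t->freed) { stale_uses++; return; }  /* would be a use-after-free */
    if (thread_ran) thread_exit_path(r);     /* handler had time to run */
    t->freed = true;
}

/* Disconnect path. 'clear_in_caller' selects the hardened variant, which
 * resets the pointer itself instead of relying on the handler. */
static void disconnect(struct ring *r, bool thread_ran, bool clear_in_caller)
{
    if (!r->xenblkd) return;
    stop_task(r, r->xenblkd, thread_ran);
    if (clear_in_caller) r->xenblkd = NULL;
}

/* One connect followed by two disconnects (frontend toggling state).
 * Returns how many times a freed task was touched. */
int run_scenario(bool thread_ran, bool clear_in_caller)
{
    struct task t = { .freed = false };
    struct ring r = { .xenblkd = &t };       /* connect: thread created */
    stale_uses = 0;
    disconnect(&r, thread_ran, clear_in_caller);
    disconnect(&r, thread_ran, clear_in_caller);
    return stale_uses;
}

int main(void)
{
    printf("handler never ran, no caller reset: %d stale use(s)\n", run_scenario(false, false));
    printf("handler never ran, caller resets:   %d stale use(s)\n", run_scenario(false, true));
    return 0;
}
```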
Fix
Unchecked Return Value
Use After Free
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu
Xen