PT-2020-6034 · Xen+3

Ross Lagerwall · Published 2020-04-14 · Updated 2024-06-15 · CVE-2020-11743

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Xen versions through 4.13.x
Description: The issue is an incorrect return value in the GNTTABOP_map_grant operation of the Xen hypervisor. Exploitation of this issue can allow an attacker to cause a denial of service. The problem arises from a bad error path in GNTTABOP_map_grant: grant table operations are expected to return 0 for success and a negative number for errors, but misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, which leads to incorrectly initialized state. A buggy or malicious guest can construct its grant table to hit the incorrect error path when a backend domain tries to map a grant, resulting in a crash of a Linux-based dom0 or backend domain.
Recommendations: For Xen versions through 4.13.x, consider disabling the GNTTABOP_map_grant operation until a patch is available to prevent potential denial of service attacks. Restrict access to grant table operations to minimize the risk of exploitation. Avoid using the grant table in a way that could trigger the incorrect error path until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
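
The bug class named in the Description (misplaced brackets turning a negative error code into 1) can be reproduced in a few lines of C. This is an added illustration, not Xen or Linux source: every function name, the status values and the "lenient" caller are assumptions made for the example.

```c
#include <stdio.h>

#define ST_OKAY        0     /* success, as the grant table convention expects */
#define ST_BAD_ENTRY (-3)    /* constructed negative error code */

/* Hypothetical internal step that fails for a malformed grant entry. */
static int set_status(int entry_ok) { return entry_ok ? ST_OKAY : ST_BAD_ENTRY; }

/* Buggy error path: the closing bracket sits after the comparison, so rc is
 * assigned the boolean result of "!=" (1 on failure), not the error code. */
int map_grant_buggy(int entry_ok)
{
    int rc;
    if ((rc = set_status(entry_ok) != ST_OKAY))
        return rc;
    return ST_OKAY;
}

/* Corrected error path: assign first, then compare. */
int map_grant_fixed(int entry_ok)
{
    int rc;
    if ((rc = set_status(entry_ok)) != ST_OKAY)
        return rc;
    return ST_OKAY;
}

/* Assumed caller that only rejects negative statuses: 1 passes as success. */
int caller_lenient_accepts(int status) { return !(status < 0); }

/* Hardened caller: anything other than exactly 0 is a failure. */
int caller_strict_accepts(int status) { return status == ST_OKAY; }

int main(void)
{
    int bad = map_grant_buggy(0);   /* malformed entry through the buggy path */
    int good = map_grant_fixed(0);  /* same entry through the fixed path */
    printf("buggy: rc=%d lenient=%d strict=%d\n",
           bad, caller_lenient_accepts(bad), caller_strict_accepts(bad));
    printf("fixed: rc=%d lenient=%d strict=%d\n",
           good, caller_lenient_accepts(good), caller_strict_accepts(good));
    return 0;
}
```

Checking for exactly 0 on the consuming side keeps a backend from proceeding with uninitialized mapping state even when the producer returns an out-of-contract positive value.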

Exploit

DoS

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

BDU:2021-02709
CVE-2020-11743
DSA-4723-1
OPENSUSE-SU-2020:0599-1
OPENSUSE-SU-2020_0599-1
OPENSUSE-SU-2024:11520-1
SUSE-SU-2020:1124-1
SUSE-SU-2020:1138-1
SUSE-SU-2020:1139-1
SUSE-SU-2020:1634-1
SUSE-SU-2020_1634-1
USN-5617-1

Affected Products

Linuxmint
Suse
Ubuntu
Xen