PT-2020-6143 · Xen+1
Julien Grall · Published 2020-12-15 · Updated 2024-06-15 · CVE-2020-29566
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Xen versions prior to 4.14.x
Description
A problem was discovered in Xen where x86 HVM guests must be temporarily de-scheduled when they require assistance from the device model. The device model signals Xen via an event channel when it has completed its operation, so that the relevant vCPU is rescheduled. If the device model signals Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat, potentially resulting in a stack overflow due to ordinary recursive function calls. A malicious or buggy stubdomain serving an HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected, while Arm systems are not.
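The recursion described above, as an added C model that is not Xen code and not part of the advisory; every name in it (`ioreq_model`, `operation_complete`, `wait_recursive`, `wait_iterative`, `max_depth`) is hypothetical and the input of 1000 premature signals is constructed. It shows that when each premature completion signal re-enters the wait path, nesting depth is set by the signalling party, while the same cycle written as a loop stays in one frame.

```c
#include <stdbool.h>

/* Hypothetical model (not Xen code): one request pending at the device model. */
struct ioreq_model {
    unsigned premature_signals; /* signals sent before the operation is done */
    unsigned depth, max_depth;  /* current and deepest nesting of the wait path */
};

/* True only once the device model has really completed the operation. */
static bool operation_complete(struct ioreq_model *r)
{
    if (r->premature_signals == 0)
        return true;
    r->premature_signals--;
    return false;
}

/* Recursive shape: each premature signal re-enters the wait path one frame deeper. */
static void wait_recursive(struct ioreq_model *r)
{
    if (++r->depth > r->max_depth)
        r->max_depth = r->depth;
    if (!operation_complete(r))
        wait_recursive(r);
    r->depth--;
}

/* Loop shape: the same cycle repeats inside a single frame. */
static void wait_iterative(struct ioreq_model *r)
{
    if (++r->depth > r->max_depth)
        r->max_depth = r->depth;
    while (!operation_complete(r))
        ;
    r->depth--;
}

/* Deepest nesting when n premature signals precede the genuine one. */
unsigned max_depth(void (*wait)(struct ioreq_model *), unsigned n)
{
    struct ioreq_model r = { n, 0, 0 };
    wait(&r);
    return r.max_depth;
}

int main(void)
{
    return max_depth(wait_recursive, 1000) == 1001 && max_depth(wait_iterative, 1000) == 1 ? 0 : 1;
}
```

The loop form is a general way to remove attacker-influenced recursion depth; it is not a description of the actual Xen fix.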
Recommendations
For Xen versions prior to 4.14.x: As a temporary workaround, consider disabling the device model for x86 HVM guests until a patch is available. Restrict access to the event channel to minimize the risk of exploitation. Avoid using the recursive function calls in the device model until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Uncontrolled Recursion
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Xen