CVE-2020-29570

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.14.x

Description An issue was discovered in Xen where the recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. This issue is related to the allocation of unlimited memory, which can be exploited by an attacker to cause a denial of service.

Recommendations For Xen versions prior to 4.14.x, consider applying configuration changes to restrict the allocation of memory to guest kernels to minimize the risk of exploitation. As a temporary workaround, consider disabling the functionality that allows guest kernels to allocate unlimited memory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.