CVE-2020-29479

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.14.x

Description The issue is related to the implementation of Ocaml xenstored in Xen, where the internal representation of the tree has special cases for the root node. Unfortunately, permissions were not checked for certain operations on the root node, allowing unprivileged guests to get and modify permissions, list, and delete the root node. This can lead to a host-wide denial of service if the whole xenstore tree is deleted. Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable, while systems using C xenstored are not.

Recommendations For Xen versions prior to 4.14.x, consider disabling the use of oxenstored as a temporary workaround until a patch is available. Restrict access to the xenstore tree to minimize the risk of exploitation. Avoid using the oxenstored implementation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.