PT-2020-6768 · Xen+1
Jürgen Groß
Published 2020-12-15 · Updated 2024-06-15
CVE-2020-29481
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Xen versions through 4.14.x
Description
An issue was discovered in Xen where access rights to Xenstore nodes are granted per domid. Unfortunately, existing granted access rights are not removed when a domain is destroyed, so a new domain created with the same domid inherits the access rights to Xenstore nodes that were granted to the previous domain(s) with that domid. As a result, a newly created guest domain might be able to read sensitive information that belonged to a previously existing guest domain. Both Xenstore implementations (C and OCaml) are vulnerable.
Recommendations
For Xen versions through 4.14.x, consider implementing a mechanism that removes existing granted access rights when a domain is destroyed, so that a new domain cannot inherit access rights to Xenstore nodes from previous domains with the same domid. As a temporary workaround, restrict the creation of new domains with the same domid as previously existing domains to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Privilege Management
Related Identifiers
CVE-2020-29481
Affected Products
SUSE
Xen