PT-2020-6777 · Xen+1

Pawel Wieczorkiewicz · Published 2020-12-15 · Updated 2024-06-15 · CVE-2020-29483

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Xen versions through 4.14.x

Description

An issue was discovered in Xen. xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored drops the connection to that guest by removing it from its internal management, which results in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. Because the guest is still running at that point, watchers of the event do not react, and when the guest is actually destroyed later, xenstored no longer tracks it and sends no further @releaseDomain event. This can lead to a zombie domain: memory mappings of that guest's memory are not removed because the event is missing. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service. Only the C variant of Xenstore is affected, and only HVM guests with a stubdom device model can cause a serious DoS.

Recommendations

To resolve the issue, update to a version of Xen that is not affected by this issue. As a temporary workaround, consider restricting the use of the @releaseDomain event to minimize the risk of exploitation. Restrict access to the xenstored internal management to prevent a malicious guest from blocking resources of the host. Avoid using the stub domain device model for HVM guests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Resource Release

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2022-06301
CVE-2020-29483
DSA-4812-1
OPENSUSE-SU-2020:2313-1
OPENSUSE-SU-2020:2331-1
OPENSUSE-SU-2020_2313-1
OPENSUSE-SU-2020_2331-1
OPENSUSE-SU-2024:11520-1
SUSE-SU-2020:14578-1
SUSE-SU-2020:3880-1
SUSE-SU-2020:3881-1
SUSE-SU-2020:3913-1
SUSE-SU-2020:3914-1
SUSE-SU-2020:3915-1
SUSE-SU-2020:3916-1
SUSE-SU-2020:3945-1
SUSE-SU-2020_14578-1

Affected Products

Suse
Xen