PT-2021-17907 · Xen +1 · Xen +1

Julien Grall +1 · Published 2021-12-01 · Updated 2024-02-04 · CVE-2021-28703

CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.14
Description: The majority of such pages remain allocated or associated with a guest for its entire lifetime, but grant table v2 status pages are an exception: they are de-allocated when a guest switches back from v2 to v1. The hypervisor tracks only one use within guest space, but racing requests from the guest can result in these pages becoming mapped in multiple locations. When the guest then switches back from v2 to v1, it can potentially retain access to a page that was freed and perhaps re-used for other purposes.
Recommendations: For versions prior to 4.14, update to Xen 4.14 or a security-supported Xen branch that includes the backported fix. As a temporary workaround, consider restricting access to grant table v2 status pages to minimize the risk of exploitation. Avoid using grant table v2 status pages in multiple locations within guest space until the issue is resolved.

Related Identifiers

CVE-2021-28703
SUSE-SU-2021:14848-1
SUSE-SU-2021_14848-1

Affected Products

Suse
Xen