CVE-2020-25599

An issue was discovered in Xen through 4.14.x. There are evtchnreset race conditions. Uses of EVTCHNOPreset potentially by a guest on itself or XENDOMCTLsoftreset by itself covered by XSA-77 can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...

CVE-2020-25599

CVE-2020-25599 affects Xen up to 4.14.x, with race conditions in evtchn_reset() potentially allowing x86 PV guests to escalate to host privileges, cause host/guest crashes, or DoS. All Xen 4.5+ are vulnerable; 4.4 and earlier are not. Several vendor advisories indicate patches were released to fi...

FreeBSD : xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo (ce658051-27ea-11e5-a4a5-002590263bf5)

The Xen Project reports : The handler for XENDOMCTLgettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar leak existed in XENSYSCTLgetdomaininfolist, which is being addressed here regardless of that operation being declared unsafe for disaggregation by...

xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo

The Xen Project reports: The handler for XENDOMCTLgettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar leak existed in XENSYSCTLgetdomaininfolist, which is being addressed here regardless of that operation being declared unsafe for disaggregation by XSA-7...