CVE-2020-15563

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS
users to cause a hypervisor crash. An inverted conditional in x86 HVM
guests’ dirty video RAM tracking code allows such guests to make Xen
de-reference a pointer guaranteed to point at unmapped space. A malicious
or buggy HVM guest may cause the hypervisor to crash, resulting in Denial
of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards
are affected. Xen versions 4.7 and earlier are not affected. Only x86
systems are affected. Arm systems are not affected. Only x86 HVM guests
using shadow paging can leverage the vulnerability. In addition, there
needs to be an entity actively monitoring a guest’s video frame buffer
(typically for display purposes) in order for such a guest to be able to
leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using
hardware assisted paging (HAP), cannot leverage the vulnerability.

Notes