An issue was discovered in Xen through 4.14.x. There is a race condition
when migrating timers between x86 HVM vCPUs. When migrating timers of an x86
HVM guest between its vCPUs, the locking model used allows for a second
vCPU of the same guest (also operating on the timers) to release a lock
that it didn’t acquire. The most likely effect of the issue is a hang or
crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of
Xen are affected. Only x86 systems are vulnerable. Arm systems are not
vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and
PVH cannot leverage the vulnerability. Only guests with more than one vCPU
can exploit the vulnerability.

Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |

launchpad.net/bugs/cve/CVE-2020-25604
lists.fedoraproject.org/archives/list/[email protected]/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/
nvd.nist.gov/vuln/detail/CVE-2020-25604
security-tracker.debian.org/tracker/CVE-2020-25604
ubuntu.com/security/notices/USN-5617-1
www.cve.org/CVERecord?id=CVE-2020-25604
xenbits.xen.org/xsa/advisory-336.html