An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

Affected Package

| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| ubuntu | Upstream | linux-gke | 5.11~rc1 |
| ubuntu | 20.04 | linux-gke | 5.4.0-1036.38 |
| ubuntu | Upstream | linux-aws-5.8 | 5.11~rc1 |
| ubuntu | Upstream | linux-azure-5.8 | 5.11~rc1 |
| ubuntu | Upstream | linux-gcp-5.8 | 5.11~rc1 |
| ubuntu | Upstream | linux-oracle-5.8 | 5.11~rc1 |
| ubuntu | Upstream | linux-riscv-5.8 | 5.11~rc1 |
| ubuntu | 20.04 | linux-riscv-5.8 | 5.8.0-17.19~20.04.1 |
| ubuntu | Upstream | linux-hwe-5.11 | 5.11~rc1 |
| ubuntu | Upstream | linux-riscv-5.11 | 5.11~rc1 |
| ubuntu | Upstream | linux-oem-5.13 | 5.11~rc1 |
| ubuntu | Upstream | linux-aws-5.11 | 5.11~rc1 |
| ubuntu | Upstream | linux-azure-5.11 | 5.11~rc1 |
| ubuntu | Upstream | linux-oracle-5.11 | 5.11~rc1 |
| ubuntu | Upstream | linux-bluefield | 5.11~rc1 |
| ubuntu | 20.04 | linux-bluefield | 5.4.0-1011.14 |
| ubuntu | Upstream | linux | 5.11~rc1 |
| ubuntu | 20.04 | linux | 5.4.0-66.74 |
| ubuntu | 18.04 | linux | 4.15.0-136.140 |
| ubuntu | 16.04 | linux | 4.4.0-204.236 |
| ubuntu | Upstream | linux-hwe | 5.11~rc1 |
| ubuntu | 16.04 | linux-hwe | 4.15.0-136.140~16.04.1 |
| ubuntu | Upstream | linux-hwe-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-hwe-5.4 | 5.4.0-66.74~18.04.2 |
| ubuntu | Upstream | linux-hwe-edge | 5.11~rc1 |
| ubuntu | Upstream | linux-lts-trusty | 5.11~rc1 |
| ubuntu | Upstream | linux-lts-xenial | 5.11~rc1 |
| ubuntu | 14.04 | linux-lts-xenial | 4.4.0-204.236~14.04.1 |
| ubuntu | Upstream | linux-kvm | 5.11~rc1 |
| ubuntu | 20.04 | linux-kvm | 5.4.0-1033.34 |
| ubuntu | 18.04 | linux-kvm | 4.15.0-1085.87 |
| ubuntu | 16.04 | linux-kvm | 4.4.0-1089.98 |
| ubuntu | Upstream | linux-aws | 5.11~rc1 |
| ubuntu | 20.04 | linux-aws | 5.4.0-1038.40 |
| ubuntu | 18.04 | linux-aws | 4.15.0-1094.101 |
| ubuntu | 16.04 | linux-aws | 4.4.0-1123.137 |
| ubuntu | 14.04 | linux-aws | 4.4.0-1087.91 |
| ubuntu | Upstream | linux-aws-5.0 | 5.11~rc1 |
| ubuntu | Upstream | linux-aws-5.3 | 5.11~rc1 |
| ubuntu | Upstream | linux-aws-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-aws-5.4 | 5.4.0-1038.40~18.04.1 |
| ubuntu | Upstream | linux-aws-hwe | 5.11~rc1 |
| ubuntu | 16.04 | linux-aws-hwe | 4.15.0-1094.101~16.04.1 |
| ubuntu | Upstream | linux-azure | 5.11~rc1 |
| ubuntu | 20.04 | linux-azure | 5.4.0-1040.42 |
| ubuntu | 16.04 | linux-azure | 4.15.0-1108.120~16.04.1 |
| ubuntu | 14.04 | linux-azure | 4.15.0-1108.120~14.04.1 |
| ubuntu | Upstream | linux-azure-4.15 | 5.11~rc1 |
| ubuntu | 18.04 | linux-azure-4.15 | 4.15.0-1108.120 |
| ubuntu | Upstream | linux-azure-5.3 | 5.11~rc1 |
| ubuntu | Upstream | linux-azure-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-azure-5.4 | 5.4.0-1040.42~18.04.1 |
| ubuntu | Upstream | linux-azure-edge | 5.11~rc1 |
| ubuntu | Upstream | linux-gcp | 5.11~rc1 |
| ubuntu | 20.04 | linux-gcp | 5.4.0-1037.40 |
| ubuntu | 16.04 | linux-gcp | 4.15.0-1093.106~16.04.1 |
| ubuntu | Upstream | linux-gcp-4.15 | 5.11~rc1 |
| ubuntu | 18.04 | linux-gcp-4.15 | 4.15.0-1093.106 |
| ubuntu | Upstream | linux-gcp-5.3 | 5.11~rc1 |
| ubuntu | Upstream | linux-gcp-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-gcp-5.4 | 5.4.0-1037.40~18.04.1 |
| ubuntu | Upstream | linux-gcp-edge | 5.11~rc1 |
| ubuntu | Upstream | linux-gke-4.15 | 5.11~rc1 |
| ubuntu | 18.04 | linux-gke-4.15 | 4.15.0-1079.84 |
| ubuntu | Upstream | linux-gke-5.0 | 5.11~rc1 |
| ubuntu | 18.04 | linux-gke-5.0 | any |
| ubuntu | Upstream | linux-gke-5.3 | 5.11~rc1 |
| ubuntu | 18.04 | linux-gke-5.3 | any |
| ubuntu | Upstream | linux-oracle | 5.11~rc1 |
| ubuntu | 20.04 | linux-oracle | 5.4.0-1038.41 |
| ubuntu | 18.04 | linux-oracle | 4.15.0-1065.73 |
| ubuntu | 16.04 | linux-oracle | 4.15.0-1065.73~16.04.1 |
| ubuntu | Upstream | linux-oracle-5.0 | 5.11~rc1 |
| ubuntu | Upstream | linux-oracle-5.3 | 5.11~rc1 |
| ubuntu | Upstream | linux-oracle-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-oracle-5.4 | 5.4.0-1038.41~18.04.1 |
| ubuntu | Upstream | linux-oem | 5.11~rc1 |
| ubuntu | 18.04 | linux-oem | any |
| ubuntu | Upstream | linux-oem-5.6 | 5.11~rc1 |
| ubuntu | 20.04 | linux-oem-5.6 | any |
| ubuntu | Upstream | linux-oem-osp1 | 5.11~rc1 |
| ubuntu | 18.04 | linux-oem-osp1 | any |
| ubuntu | Upstream | linux-raspi | 5.11~rc1 |
| ubuntu | 20.04 | linux-raspi | 5.4.0-1029.32 |
| ubuntu | Upstream | linux-raspi2 | 5.11~rc1 |
| ubuntu | 18.04 | linux-raspi2 | 4.15.0-1079.84 |
| ubuntu | 16.04 | linux-raspi2 | 4.4.0-1147.157 |
| ubuntu | Upstream | linux-raspi2-5.3 | 5.11~rc1 |
| ubuntu | 18.04 | linux-raspi2-5.3 | any |
| ubuntu | Upstream | linux-raspi-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-raspi-5.4 | 5.4.0-1029.32~18.04.1 |
| ubuntu | Upstream | linux-riscv | 5.11~rc1 |
| ubuntu | 20.04 | linux-riscv | any |
| ubuntu | Upstream | linux-snapdragon | 5.11~rc1 |
| ubuntu | 18.04 | linux-snapdragon | 4.15.0-1096.105 |
| ubuntu | 16.04 | linux-snapdragon | 4.4.0-1151.161 |
| ubuntu | Upstream | linux-hwe-5.8 | 5.11~rc1 |
| ubuntu | 20.04 | linux-hwe-5.8 | 5.8.0-44.50~20.04.1 |
| ubuntu | Upstream | linux-gke-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-gke-5.4 | 5.4.0-1036.38~18.04.1 |
| ubuntu | Upstream | linux-gkeop-5.4 | 5.11~rc1 |
| ubuntu | 18.04 | linux-gkeop-5.4 | 5.4.0-1010.11~18.04.1 |
| ubuntu | Upstream | linux-dell300x | 5.11~rc1 |
| ubuntu | 18.04 | linux-dell300x | 4.15.0-1012.16 |
| ubuntu | Upstream | linux-oem-5.10 | 5.11~rc1 |
| ubuntu | 20.04 | linux-oem-5.10 | 5.10.0-1011.12 |
| ubuntu | Upstream | linux-gkeop | 5.11~rc1 |
| ubuntu | 20.04 | linux-gkeop | 5.4.0-1010.11 |
| ubuntu | Upstream | linux-ibm | 5.11~rc1 |
| ubuntu | Upstream | linux-gcp-5.11 | 5.11~rc1 |
| ubuntu | Upstream | linux-oem-5.14 | 5.11~rc1 |
| ubuntu | Upstream | linux-intel-5.13 | 5.11~rc1 |
| ubuntu | Upstream | linux-hwe-5.13 | 5.11~rc1 |
| ubuntu | Upstream | linux-aws-5.13 | 5.11~rc1 |
| ubuntu | Upstream | linux-fips | 5.11~rc1 |
| ubuntu | Upstream | linux-oracle-5.13 | any |
| ubuntu | Upstream | linux-gcp-5.13 | any |
| ubuntu | Upstream | linux-ibm-5.4 | any |
| ubuntu | Upstream | linux-azure-fde | any |