A vulnerability was found in xen, where a guest administrator or perhaps even unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation.
Acknowledgments: Name: the Xen project
This flaw affects systems using Intel CPUs with support for nested virtualization, and only HVM and PVH guests can exploit the vulnerability (PV guests are not affected). Note that, as of Xen 4.4, nested HVM on Intel CPUs is considered "tech preview" and not recommended to be used in a production environment [1]. [1] https://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen
Statement: This flaw affects systems using Intel CPUs with support for nested paging (HAP). Only HVM and PVH guests can exploit the vulnerability, PV guests are not affected by this flaw.
Mitigation: Switching to shadow paging (e.g. using the `hap=0` xl domain domain configuration file parameter) will avoid exposing the vulnerability to those guests.
*** Bug 1854208 has been marked as a duplicate of this bug. ***
External References: https://xenbits.xen.org/xsa/advisory-328.html
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1854464]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15567