When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error.
Name: the Xen project
Only Xen versions 4.10 and later are affected by this flaw. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event channel limit (see Mitigation).
The issue can be avoided by reducing the number of event channels available to the guest to no more than 1023. For example, setting `max_event_channels=1023` in the xl domain configuration, or deleting any existing setting (since 1023 is the default for xl/libxl).
For ARM systems, any limit no more than 4095 is safe. For 64-bit x86 PV guests, any limit no more than 4095 is likewise safe if the host configuration prevents the guest administrator from substituting and running a 32-bit kernel (and thereby putting the guest into 32-bit PV mode).
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1854465]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):