Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks.
Acknowledgments: Name: the Xen project
Statement: All Xen versions from 4.4 onwards are vulnerable. Red Hat Enterprise Linux 5 is not affected by this flaw, as it shipped an older version of Xen.
Mitigation: There is no known mitigation for this flaw apart from applying the patch.
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1881581]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25599
External References: https://xenbits.xen.org/xsa/advisory-343.html