The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc).
Acknowledgments: the Xen project
Mitigation: Running only x86 PVH/HVM guests avoids the vulnerability.
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1881617]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25596
External References: https://xenbits.xen.org/xsa/advisory-339.html
Statement: All Xen versions from 3.2 onward are vulnerable. Red Hat Enterprise Linux 5 is not affected by this flaw, as it shipped an older version of Xen.
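To check a host against the mitigation above (only PVH/HVM guests), the following added example, which is not part of the original report or of Xen's tooling, classifies domains by guest type. It assumes input shaped like the JSON printed by `xl list -l`, with each domain's type under `config.c_info.type`; the sample data and domain names are constructed.

```python
import json

# Constructed sample shaped like `xl list -l` JSON output (assumed layout:
# each entry has "domid" and config.c_info with "name" and "type").
SAMPLE_XL_LIST = """
[
  {"domid": 1, "config": {"c_info": {"type": "pv",  "name": "legacy-web"}}},
  {"domid": 2, "config": {"c_info": {"type": "hvm", "name": "win-build"}}},
  {"domid": 3, "config": {"c_info": {"type": "pvh", "name": "db01"}}},
  {"domid": 4, "config": {"c_info": {"name": "no-type-field"}}}
]
"""

MITIGATED_TYPES = {"hvm", "pvh"}  # guest types the mitigation allows


def audit_guest_types(xl_json: str) -> dict:
    """Split domains into mitigated, pv (exposed) and unknown (needs review)."""
    result = {"mitigated": [], "pv": [], "unknown": []}
    for dom in json.loads(xl_json):
        c_info = (dom.get("config") or {}).get("c_info") or {}
        name = c_info.get("name", f"domid-{dom.get('domid', '?')}")
        gtype = str(c_info.get("type", "")).lower()
        if gtype in MITIGATED_TYPES:
            result["mitigated"].append(name)
        elif gtype == "pv":
            result["pv"].append(name)
        else:
            # Missing or unrecognised type: do not assume it is safe.
            result["unknown"].append(name)
    return result


def host_meets_mitigation(xl_json: str) -> bool:
    """True only when every listed domain is PVH or HVM."""
    audit = audit_guest_types(xl_json)
    return not audit["pv"] and not audit["unknown"]


if __name__ == "__main__":
    report = audit_guest_types(SAMPLE_XL_LIST)
    for name in report["pv"]:
        print(f"PV guest, mitigation not met: {name}")
    for name in report["unknown"]:
        print(f"type not reported, check manually: {name}")
    print("host meets mitigation:", host_meets_mitigation(SAMPLE_XL_LIST))
```

On a real host the same functions can be fed the captured output of `xl list -l` in place of the constructed sample.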