The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the connect and disconnect states. As a consequence, the block backend may re-use a pointer after it was freed.
External References: https://www.openwall.com/lists/oss-security/2020/12/15/9
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1908082]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
This was fixed for Fedora with the 5.10.4 stable kernel updates.
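The failure mode in the description above, reduced to a deterministic userspace C model. This is an added example, not kernel code and not the upstream patch; every name except ring->xenblkd is hypothetical, and the hardened variant is one assumed way to remove the dependency on the handler.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Userspace model (constructed); every name except ring->xenblkd is hypothetical. */
struct worker {
    bool ran;    /* did the handler ever get scheduled? */
    bool freed;  /* set instead of free(), so the model can inspect it safely */
};
struct ring { struct worker *xenblkd; };

/* Stop the worker; the handler's own cleanup only executes if the handler ever ran. */
static void stop_worker(struct ring *r, struct worker *w, bool handler_clears)
{
    if (w->ran && handler_clears)
        r->xenblkd = NULL;
    w->freed = true;
}

/* Fragile: trusts the handler to reset ring->xenblkd. */
static void disconnect_fragile(struct ring *r)
{
    if (r->xenblkd)
        stop_worker(r, r->xenblkd, true);
}

/* Hardened: the code that stops the worker also clears the pointer. */
static void disconnect_hardened(struct ring *r)
{
    if (r->xenblkd) {
        stop_worker(r, r->xenblkd, false);
        r->xenblkd = NULL;
    }
}

/* Connect, then disconnect at once; true if the ring still points at a released worker. */
static bool toggle_leaves_dangling(bool hardened, bool handler_ran)
{
    struct worker w = { .ran = handler_ran, .freed = false };
    struct ring r = { .xenblkd = &w };
    (hardened ? disconnect_hardened : disconnect_fragile)(&r);
    return r.xenblkd != NULL && r.xenblkd->freed;
}

int main(void)
{
    printf("fragile, handler never ran: dangling=%d\n", toggle_leaves_dangling(false, false));
    printf("hardened, handler never ran: dangling=%d\n", toggle_leaves_dangling(true, false));
    return 0;
}
```

Only the fragile variant with a handler that never ran leaves the stale pointer behind, which matches the quick connect/disconnect toggle in the description.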