Neither xenstore implementation does any permissions checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed.

Data may include:
- number, type and domids of other VMs
- existence and domids of driver domains
- numbers of virtual interfaces, block devices, vcpus
- existence of virtual framebuffers and their backend style (eg, existence of VNC service)
- Xen VM UUIDs for other domains
- timing information about domain creation and device setup
- some hints at the backend provisioning of VMs and their devices

The watch events do not contain values stored in xenstore, only key names.
External References: https://www.openwall.com/lists/oss-security/2020/12/15/2
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1908091]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
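The missing check on watch events described in the summary above, as an added example that is not Xen's code: a simplified Python model of a key store that delivers watch events either without or with a per-node read-permission check on the watcher. The class and function names, the paths, the domids, the permission model and the UUID placeholder are all constructed for illustration, and the special domain watches are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    owner: int                                  # domid that owns the key
    readers: set = field(default_factory=set)   # other domids granted read access

class ToyStore:
    """Simplified model of a key store with watches; domid 0 is privileged."""
    def __init__(self, check_perms):
        self.check_perms = check_perms
        self.nodes, self.watches, self.events = {}, [], {}

    def watch(self, domid, prefix):
        self.watches.append((domid, prefix))
        self.events.setdefault(domid, [])

    def _may_read(self, domid, node):
        return domid == 0 or domid == node.owner or domid in node.readers

    def _fire(self, path, node):
        for domid, prefix in self.watches:
            if path != prefix and not path.startswith(prefix.rstrip("/") + "/"):
                continue                        # path is outside the watched subtree
            if self.check_perms and not self._may_read(domid, node):
                continue                        # hardened: no read access, no event
            self.events[domid].append(path)     # key name only, never the value

    def write(self, path, owner, readers=()):
        node = self.nodes.setdefault(path, Node(owner, set(readers)))
        self._fire(path, node)

    def remove(self, path):
        self._fire(path, self.nodes.pop(path))

def replay(check_perms, guest=5):
    """Replay constructed toolstack activity while `guest` watches the root node."""
    s = ToyStore(check_perms)
    s.watch(guest, "/")
    s.write("/local/domain/7/device/vif/0", owner=7)
    s.write("/local/domain/0/backend/vbd/7/51712", owner=0, readers={7})
    s.write("/vm/UUID-PLACEHOLDER", owner=0)
    s.write(f"/local/domain/{guest}/data/report", owner=guest)
    s.remove("/local/domain/7/device/vif/0")
    return s.events[guest]

if __name__ == "__main__":
    print("unchecked:", replay(False))
    print("checked:  ", replay(True))
```

Without the check, the watching guest receives the key names of another domain's devices, backend entries and VM UUID path; with it, only the event for its own key is delivered.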