A vulnerability was found in Xen, where a malicious guest may be able to access sensitive information pertaining to other guests. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out.
Acknowledgments: Name: the Xen project
Statement: Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing is enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. x86 AMD as well as ARM systems are not affected by this flaw.
Mitigation:
- Suppress the use of page table sharing (command line option `iommu=no-sharept`). Note however that as of Xen version 4.13 there is also a respective per-guest control (`passthrough=` libxl guest config file option). If any guests have been created with an explicit setting, this setting may conflict with the addition of the `iommu=no-sharept` Xen command line option.
- Suppress the use of large HAP pages (command line options `hap_2mb=no` and `hap_1gb=no`).
- Avoid pass-through of PCI devices to HVM guests.
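A way to check whether a hypervisor command line carries one of the command-line mitigations listed above, written as an added example (not code from the Xen project or from this bug report). The function names and sample command lines are hypothetical, and it assumes each listed item is sufficient on its own and that a repeated `iommu=` sub-option is resolved last-wins.

```shell
#!/bin/sh
# Added example: classify a Xen command line against the mitigations above.
# On a host the string can be taken from the xen_commandline line of `xl info`.
# Only the spellings given on this page count as "disabled" (conservative).

# Succeeds if the effective iommu= setting is no-sharept.
# Assumption: when the sub-option repeats, the last occurrence wins.
sharept_disabled() (
    set -f                          # no globbing while word-splitting
    state=default
    for opt in $1; do
        case "$opt" in iommu=*) ;; *) continue ;; esac
        IFS=,                       # iommu= takes a comma-separated list
        for sub in ${opt#iommu=}; do
            case "$sub" in
                no-sharept) state=off ;;
                sharept)    state=on ;;
            esac
        done
        unset IFS
    done
    [ "$state" = off ]
)

# Succeeds only if both large HAP page sizes are switched off.
large_hap_disabled() (
    set -f
    two=default; one=default
    for opt in $1; do
        case "$opt" in
            hap_2mb=no) two=off ;;
            hap_2mb=*)  two=on ;;
            hap_1gb=no) one=off ;;
            hap_1gb=*)  one=on ;;
        esac
    done
    [ "$two" = off ] && [ "$one" = off ]
)

xsa321_status() {
    if sharept_disabled "$1"; then echo "mitigated: page table sharing disabled"
    elif large_hap_disabled "$1"; then echo "mitigated: large HAP pages disabled"
    else echo "not mitigated on the command line"
    fi
}

# Constructed sample command lines, not taken from a real host.
for sample in "dom0_mem=4096M iommu=no-sharept" "hap_2mb=no hap_1gb=no" \
    "iommu=no-sharept,verbose iommu=sharept" "dom0_mem=4096M hap_2mb=no"; do
    printf '%s -> %s\n' "$sample" "$(xsa321_status "$sample")"
done
```

The check covers only the hypervisor command line; a per-guest `passthrough=` setting in a libxl guest config file and the choice not to pass through PCI devices have to be reviewed separately.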
External References: https://xenbits.xen.org/xsa/advisory-321.html
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1854467]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15565