When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error.
Acknowledgments: Name: the Xen project
Statement: Only Xen versions 4.10 and later are affected by this flaw. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event channel limit (see Mitigation).
Mitigation: The issue can be avoided by reducing the number of event channels available to the guest to no more than 1023. For example, setting `max_event_channels=1023` in the xl domain configuration, or deleting any existing setting (since 1023 is the default for xl/libxl). For ARM systems, any limit no more than 4095 is safe. For 64-bit x86 PV guests, any limit no more than 4095 is likewise safe if the host configuration prevents the guest administrator from substituting and running a 32-bit kernel (and thereby putting the guest into 32-bit PV mode).
External References: https://xenbits.xen.org/xsa/advisory-317.html
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1854465]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15566