An issue was discovered in versions of Xen from at least 3.2 onward, allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1891097]
Acknowledgments: Name: the Xen project
External References: https://xenbits.xen.org/xsa/advisory-345.html
Upstream fix:
https://xenbits.xen.org/xsa/xsa345/0001-x86-mm-Refactor-map_pages_to_xen-to-have-only-a-sing.patch
https://xenbits.xen.org/xsa/xsa345/0002-x86-mm-Refactor-modify_xen_mappings-to-have-one-exit.patch
https://xenbits.xen.org/xsa/xsa345/0003-x86-mm-Prevent-some-races-in-hypervisor-mapping-upda.patch
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27672
Statement: All Xen versions from 3.2 onwards are vulnerable. Red Hat Enterprise Linux 5 is not affected by this flaw, as it shipped with an older version of Xen.
Mitigation: Running all guests in HVM or PVH mode, in each case with HAP enabled, will prevent those guests from exploiting the vulnerability.
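One way to audit guest configurations against this mitigation, as an added example that is not part of the original report: it reads xl guest config text and reports guests that are not HVM or PVH, or that have HAP turned off. `type`, `builder` and `hap` are xl.cfg options; the function names and sample configs are constructed for illustration, and a guest with no `hap` line is assumed to get HAP by default, which only holds on hardware that supports it.

```python
import re

# Scalar assignments such as:  type = "hvm"   or   hap = 1
ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')

def parse_xl_cfg(text):
    """Collect scalar key/value pairs from xl guest config text."""
    cfg = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0]  # drop comments (naive: ignores '#' inside quotes)
        m = ASSIGN.match(line)
        if m:
            cfg[m.group(1)] = m.group(2).strip('"\'')
    return cfg

def guest_type(cfg):
    if 'type' in cfg:
        return cfg['type'].lower()
    if cfg.get('builder', '').lower() == 'hvm':  # legacy way to request HVM
        return 'hvm'
    return 'pv'  # xl default when neither key is set

def hap_disabled(cfg):
    try:
        return int(cfg['hap']) == 0   # xl booleans: 0 is false, non-zero is true
    except (KeyError, ValueError):
        return False                  # assumption: unset means default (HAP on if supported)

def mitigation_findings(text):
    """Return reasons a guest falls outside 'HVM or PVH, with HAP enabled'."""
    cfg = parse_xl_cfg(text)
    findings = []
    gtype = guest_type(cfg)
    if gtype not in ('hvm', 'pvh'):
        findings.append(f'type={gtype}: not HVM or PVH')
    elif hap_disabled(cfg):
        findings.append(f'type={gtype}: hap=0 (shadow paging)')
    return findings

# Constructed sample configs, not taken from any real host.
SAMPLES = {
    'legacy-pv.cfg': 'name = "legacy"\nkernel = "/boot/vmlinuz"\nmemory = 1024\n',
    'hvm-shadow.cfg': 'name = "win"\ntype = "hvm"\nhap = 0  # shadow paging\n',
    'pvh-ok.cfg': 'name = "web"\ntype = "pvh"\nmemory = 2048\n',
}

if __name__ == '__main__':
    for fname, text in SAMPLES.items():
        print(fname, mitigation_findings(text) or 'meets mitigation')
```

An empty result only means the config file requests the mitigated setup; the running domain and the host's HAP support still need to be confirmed on the hypervisor.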