The Linux kernel PV block backend expects the kernel thread handler
to reset ring->xenblkd to NULL when stopped. However, the handler may
not have time to run if the frontend quickly toggle between the states
connect and disconnect.
As a consequence, the block backend may re-use a pointer after it was
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1908082]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
This was fixed for Fedora with the 5.10.4 stable kernel updates.