An issue exists in the Linux kernel up to and including 5.10.1, as used with Xen up to and including 4.14.x. The Linux kernel PV block backend (blkback) expects the per-ring kernel thread to reset ring->xenblkd to NULL when it is stopped. However, that thread may never get to run if the frontend toggles quickly between the connect and disconnect states, so the pointer is never cleared. As a consequence, the block backend may use the pointer after the thread it referred to has been freed. A misbehaving guest can trigger a dom0 crash by continuously connecting and disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. Only systems whose backend domain (dom0 or a driver domain) runs the Linux blkback driver are affected.
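The race above comes down to who owns the reset of ring->xenblkd. The following is an added example, not kernel code: a deterministic user-space model of the kthread lifecycle in which `struct task` stands in for `task_struct`, tasks come from a static pool with a `freed` flag so a use-after-free is counted rather than crashing, and the scheduling order (whether the thread body ran before the stop request) is an explicit call. The `_vuln` functions follow the pattern the advisory describes (the thread body clears the pointer on exit); the `_fixed` functions move the reset into the disconnect path after the stop. All names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define TASK_POOL 8

struct ring;

/* Model of task_struct. on_exit is the tail of the thread body that runs
 * once the service loop sees kthread_should_stop(). */
struct task {
    void (*on_exit)(struct ring *);
    struct ring *ring;
    bool started;      /* scheduler has started the body's service loop */
    bool should_stop;  /* kthread_stop() was called */
    bool freed;        /* last reference dropped: any access is a UAF */
};

struct ring {
    struct task *xenblkd;  /* kthread servicing this ring, NULL when none */
    int uaf_count;         /* model-only: accesses to a freed task */
};

static struct task task_pool[TASK_POOL];
static int task_next;

/* Model of kthread_run(): the task exists but has not been scheduled yet. */
static struct task *model_kthread_run(void (*on_exit)(struct ring *), struct ring *ring)
{
    struct task *t = &task_pool[task_next++ % TASK_POOL];
    t->on_exit = on_exit;
    t->ring = ring;
    t->started = t->should_stop = t->freed = false;
    return t;
}

/* Model of the scheduler giving the new thread CPU time. The kernel's
 * kthread() wrapper checks kthread_should_stop() before calling threadfn,
 * so a thread that was stopped before it ever ran skips its body entirely. */
static void model_schedule(struct task *t)
{
    if (!t->should_stop)
        t->started = true;
}

/* Model of kthread_stop(): request the stop, let the body finish, drop the
 * reference. Touching a task whose reference was already dropped is the
 * use-after-free from the advisory. */
static void model_kthread_stop(struct task *t)
{
    if (t->freed) {
        t->ring->uaf_count++;
        return;
    }
    t->should_stop = true;
    if (t->started)
        t->on_exit(t->ring);   /* loop exits, tail of the body runs */
    /* else: body never ran, so the tail never runs either */
    t->freed = true;
}

/* Pre-fix pattern: the thread body clears the pointer when it exits.
 * It never gets the chance if stopped before its first run. */
static void blkif_schedule_vuln(struct ring *ring)
{
    ring->xenblkd = NULL;
}

static void disconnect_vuln(struct ring *ring)
{
    if (ring->xenblkd)
        model_kthread_stop(ring->xenblkd);
    /* no reset here: a stale pointer survives when the body never ran */
}

/* Post-fix pattern: the code that stops the thread also owns the reset. */
static void blkif_schedule_fixed(struct ring *ring)
{
    (void)ring;  /* nothing to clean up in the body */
}

static void disconnect_fixed(struct ring *ring)
{
    if (ring->xenblkd) {
        model_kthread_stop(ring->xenblkd);
        ring->xenblkd = NULL;
    }
}

/* Frontend sequence: connect, then two disconnect events in quick succession
 * (a close is seen by the backend as more than one state change). With
 * thread_runs_first false, the kthread got no CPU time before the first
 * disconnect. Returns the number of freed-task accesses (>0 means UAF). */
static int run_scenario(bool fixed, bool thread_runs_first)
{
    struct ring ring = { .xenblkd = NULL, .uaf_count = 0 };
    task_next = 0;
    ring.xenblkd = model_kthread_run(fixed ? blkif_schedule_fixed : blkif_schedule_vuln, &ring);
    if (thread_runs_first)
        model_schedule(ring.xenblkd);
    if (fixed) { disconnect_fixed(&ring); disconnect_fixed(&ring); }
    else       { disconnect_vuln(&ring);  disconnect_vuln(&ring);  }
    return ring.uaf_count;
}

int main(void)
{
    printf("vulnerable, thread ran first  : %d\n", run_scenario(false, true));
    printf("vulnerable, stopped before run: %d\n", run_scenario(false, false));
    printf("fixed,      stopped before run: %d\n", run_scenario(true, false));
    return 0;
}
```

The model shows why the bug only surfaces under fast state toggling: when the thread body runs before the stop, the vulnerable pattern also behaves correctly, so a simple connect/wait/disconnect test will not catch it. The durable fix is the one in `disconnect_fixed`: whoever calls the stop clears the pointer, independent of whether the thread ever executed.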
Vulnerable Product |
---|
xen xen |
linux linux kernel |
netapp hci_compute_node_bios |
netapp solidfire & hci management node |
netapp solidfire & hci storage node |
debian debian linux 9.0 |
debian debian linux 10.0 |