An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS
users to gain host OS privileges by leveraging race conditions in pagetable
promotion and demotion operations, because of an incomplete fix for
CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV
type change operations. Despite extensive testing and auditing, some corner
cases were missed. A malicious PV guest administrator may be able to
escalate their privilege to that of the host. All security-supported
versions of Xen are vulnerable. Only x86 systems are affected. Arm systems
are not affected. Only x86 PV guests can leverage the vulnerability. x86
HVM and PVH guests cannot leverage the vulnerability. Note that these
attacks require very precise timing, which may be difficult to exploit in
mdeslaurhypervisor packages are in universe. For
issues in the hypervisor, add appropriate
tags to each section, ex:
Tags_xen: universe-binary
Source: xen (LP Ubuntu Debian)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):not-affected (4.11.3+24-g14b62ab3e5-1ubuntu1)
Binaries built from this source package are in universe and so are supported by the community. For more details see
More Information

Updated: 2020-02-18 14:14:32 UTC (commit c0d61ad7c8b86ba29097cf5accfef1795e5a2080)