An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS
users to cause a denial of service (guest OS crash) because VMX VMEntry
checks mishandle a certain case. Please see XSA-260 for background on the
MovSS shadow. Please see XSA-156 for background on the need for #DB
interception. The VMX VMEntry checks do not like the exact combination of
state which occurs when #DB in intercepted, Single Stepping is active, and
blocked by STI/MovSS is active, despite this being a legitimate state to be
in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest
userspace code may be able to crash the guest, resulting in a guest Denial
of Service. All versions of Xen are affected. Only systems supporting VMX
hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected.
Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV
guests cannot leverage the vulnerability.
mdeslaurhypervisor packages are in universe. For
issues in the hypervisor, add appropriate
tags to each section, ex:
Tags_xen: universe-binary
Source: xen (LP Ubuntu Debian)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):not-affected (4.11.3+24-g14b62ab3e5-1ubuntu1)
Binaries built from this source package are in universe and so are supported by the community. For more details see
More Information

Updated: 2020-02-18 14:14:33 UTC (commit c0d61ad7c8b86ba29097cf5accfef1795e5a2080)