An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| xen | xen | 4.14.1 | - |
| linux | linux_kernel | 4.1.44 - 4.2 |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
14
Affected Products
12
References
xen / xen +13 more
| linux | linux_kernel | 4.4.80 - 4.4.254 | - |
| linux | linux_kernel | 4.9.36 - 4.9.249 | - |
| linux | linux_kernel | 4.11.9 - 4.12 | - |
| linux | linux_kernel | 4.12 - 4.14.213 | - |
| linux | linux_kernel | 4.15 - 4.19.164 | - |
| linux | linux_kernel | 4.20 - 5.4.86 | - |
| linux | linux_kernel | 5.5 - 5.10.4 | - |
| netapp | hci_compute_node_bios | - | - |
| netapp | solidfire_\&_hci_management_node | - | - |
| netapp | solidfire_\&_hci_storage_node | - | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability
Impact