Xen Hypervisor x86 Instruction Emulation Exception Handling Vulnerability

Vulnerability

A vulnerability exists in the Xen hypervisor on x86 systems, specifically in versions 4.9 and later. When certain instructions are intercepted and emulated, Xen may replay them using an executable stub. Some of these instructions can raise exceptions that are meant to be handled gracefully. However, for replayed instructions that involve recovering changes to the arithmetic flags, the exception handling metadata was incorrect. This flaw prevented Xen from managing the exception properly, leading to a fatal hypervisor crash.

Impact

Exploitation of this vulnerability by an unprivileged guest can cause a hypervisor crash, resulting in a denial-of-service condition for the entire host.

Remediation

Applying the appropriate patch resolves this issue. Patches for released versions are generally prepared to apply to the stable branches. For Xen 4.17.x, use 'xsa470-4.17.patch'. For Xen 4.18.x, use 'xsa470.patch'.

Added: Jul 16, 2025, 9:17 AM
Updated: Jul 16, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.