Xen Viridian Hypercall Input Validation Vulnerability on x86 HVM Guests

Vulnerability

A vulnerability exists in Xen hypervisor versions 4.15 and newer, specifically affecting x86 HVM guests with Viridian enabled. It arises from improper input validation in certain Viridian hypercalls that allow the specification of vCPU ID masks. All three input formats are susceptible, leading to out-of-bounds reads and writes. The issue can cause the hypervisor to read from or write to invalid memory locations, potentially leading to information leaks, unauthorized privilege escalation, or a denial-of-service condition that impacts the entire host.

Impact

Exploitation of this vulnerability can result in a denial-of-service condition affecting the entire host, information leaks, or unauthorized privilege escalation.

Remediation

To address this vulnerability, apply the appropriate patches available for the specific Xen version in use. For Xen versions 4.19.x to 4.17.x, use the patches named 'xsa475-4.19-1.patch' or 'xsa475-4.19-2.patch'. For Xen 4.20.x, use 'xsa475-1.patch'. After applying the patches, it is recommended to update to the latest stable branch release.
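
To decide which hosts and guests to patch first, the affected conditions stated above (Xen 4.15 or newer, HVM guest, Viridian enabled) can be checked against guest configuration files. The sketch below is an added example, not code from the Xen project or this advisory; it assumes xl-style configs using the `type`/`builder` and `viridian` options, and the function names and sample configs are constructed for illustration.

```python
import re

FIRST_AFFECTED = (4, 15)  # from the advisory text: "4.15 and newer"

def xen_version_affected(version):
    """True if a Xen version string such as '4.17.2' is 4.15 or newer."""
    m = re.match(r"\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised Xen version: %r" % version)
    return (int(m.group(1)), int(m.group(2))) >= FIRST_AFFECTED

def parse_cfg(text):
    """Return top-level key -> raw value from xl.cfg text (last assignment wins)."""
    # Simplification: '#' always starts a comment, even inside a quoted string.
    text = re.sub(r"#[^\n]*", "", text)
    pattern = r"^[ \t]*(\w+)[ \t]*=[ \t]*(\[[^\]]*\]|[^\n]*)"
    return {k: v.strip() for k, v in re.findall(pattern, text, re.M)}

def viridian_enabled(value):
    """Interpret viridian=<integer> or viridian=[ "group", "!group", ... ]."""
    if value is None:
        return False
    if value.startswith("["):
        groups = re.findall(r"""["']([^"']*)["']""", value)
        # Assumption: any group not negated with '!' means Viridian is on.
        return any(g and not g.startswith("!") for g in groups)
    value = value.strip("\"'")
    return value.lstrip("-").isdigit() and int(value) != 0

def guest_exposed(cfg_text):
    """True for an HVM guest config that turns Viridian on."""
    cfg = parse_cfg(cfg_text)
    kind = (cfg.get("type") or cfg.get("builder") or "").strip("\"'").lower()
    return kind == "hvm" and viridian_enabled(cfg.get("viridian"))

# Constructed sample configs (not taken from any real host).
SAMPLES = {
    "win-hvm": 'name = "win"\ntype = "hvm"\nviridian = 1\n',
    "win-groups": 'builder = "hvm"\nviridian = [ "base",\n  "freq" ]  # Windows\n',
    "linux-hvm": 'type = "hvm"\nviridian = 0\n',
    "linux-pv": 'type = "pv"\nkernel = "/boot/vmlinuz"\n',
}

def exposed_guests(xen_version, configs=SAMPLES):
    """Names of guests to prioritise for patching on a host of this version."""
    if not xen_version_affected(xen_version):
        return []
    return sorted(n for n, text in configs.items() if guest_exposed(text))
```

On a real host, pass the running hypervisor version and the contents of each guest's config file in place of `SAMPLES`; a guest flagged here still needs the patched hypervisor, since the fix is in Xen itself rather than in the guest.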

Added: Oct 31, 2025, 12:26 PM
Updated: Oct 31, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 7.5
exploitability: 2.8
remediation: 8.3
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.