xen is vulnerable to arbitrary code execution. The vulnerability exists access rights of Xenstore nodes are per domid, and existing granted access rights are not removed when a domain is being destroyed, allowing a new domain created with the same domid to inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Xenstore entries of a guest below /local/domain/
are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected.
www.openwall.com/lists/oss-security/2020/12/16/3
lists.fedoraproject.org/archives/list/[email protected]/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/
lists.fedoraproject.org/archives/list/[email protected]/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
secdb.alpinelinux.org/v3.12/main.yaml
www.debian.org/security/2020/dsa-4812
xenbits.xenproject.org/xsa/advisory-322.html