
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2020-11739) was discovered in Xen through 4.13.x, affecting the read-write unlock paths. The issue was publicly disclosed on April 14, 2020, and impacts all versions of Xen running on ARM-based systems. The vulnerability stems from missing memory barriers in read-write unlock paths, which allows processors to re-order memory access with preceding operations (Xen Advisory).
The vulnerability occurs because read-write unlock paths lack memory barriers. On ARM processors, this allows memory access reordering with preceding operations, meaning an unlock operation may be visible to another processor before all memory accesses within the critical section are complete. This creates a race condition where a writer could execute a critical section simultaneously with readers or another writer, breaking critical section assumptions about variable modifications (Xen Advisory). The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) (NVD).
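The ordering problem described above, shown as an added example using a simplified C11-atomics model of a read-write lock. This is not Xen's source code; the type, function names and lock-word layout are assumptions made for illustration.

```c
/* Simplified rwlock model for illustration; not Xen's source code. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#define WRITER 1u   /* bit 0: a writer holds the lock */
#define READER 2u   /* each reader adds 2 to the count */
#define NTHREADS 4
typedef struct { atomic_uint cnts; } rwlock_t;

bool write_trylock(rwlock_t *l) {
    unsigned expect = 0;   /* succeeds only with no readers and no writer */
    return atomic_compare_exchange_strong_explicit(&l->cnts, &expect, WRITER,
                                memory_order_acquire, memory_order_relaxed);
}
bool read_trylock(rwlock_t *l) {
    unsigned old = atomic_fetch_add_explicit(&l->cnts, READER, memory_order_acquire);
    if (!(old & WRITER)) return true;
    atomic_fetch_sub_explicit(&l->cnts, READER, memory_order_relaxed); /* back off */
    return false;
}
/* Flawed pattern: with no release ordering, a weakly ordered CPU (ARM) may
 * make the unlock visible before the critical section's own accesses. */
void write_unlock_unordered(rwlock_t *l) {
    atomic_fetch_sub_explicit(&l->cnts, WRITER, memory_order_relaxed);
}
/* Hardened pattern: release ordering keeps every access in the critical
 * section ahead of the store that frees the lock. */
void write_unlock(rwlock_t *l) {
    atomic_fetch_sub_explicit(&l->cnts, WRITER, memory_order_release);
}
void read_unlock(rwlock_t *l) {
    atomic_fetch_sub_explicit(&l->cnts, READER, memory_order_release);
}

static rwlock_t demo_lock;   /* zero-initialised: unlocked */
static long shared;          /* plain data, protected only by demo_lock */
static void *writer(void *arg) {
    for (long i = 0; i < *(long *)arg; i++) {
        while (!write_trylock(&demo_lock)) sched_yield();
        shared++;            /* the critical section */
        write_unlock(&demo_lock);
    }
    return NULL;
}
long run_writers(long iters) {   /* NTHREADS writers, iters increments each */
    pthread_t t[NTHREADS];
    shared = 0;
    for (int i = 0; i < NTHREADS; i++) pthread_create(&t[i], NULL, writer, &iters);
    for (int i = 0; i < NTHREADS; i++) pthread_join(t[i], NULL);
    return shared;
}
```

With `write_unlock`, `run_writers` always returns `NTHREADS * iters`; the C memory model gives no such guarantee for `write_unlock_unordered`, even though strongly ordered hardware such as x86 often hides the difference.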
The vulnerability can allow a malicious guest to leak memory or cause a hypervisor crash resulting in a Denial of Service (DoS). Additionally, information leaks and privilege escalation cannot be excluded from the potential impacts (Xen Advisory). The vulnerability is particularly concerning for multi-tenant environments where guest isolation is critical.
There was no known mitigation available at the time of disclosure. The only resolution is to apply the security patches provided by Xen. Patches were made available for Xen-unstable and Xen versions 4.9 through 4.13 (Xen Advisory). Various Linux distributions have released updated packages to address this vulnerability, including Debian, Ubuntu, Fedora, and OpenSUSE (OpenSUSE, Debian).
Source: This report was generated using AI