CVE-2020-11743: 
NixOS vulnerability analysis and mitigation

CVE-2020-11743 is a vulnerability discovered in Xen through version 4.13.x, publicly disclosed on April 14, 2020. The issue involves a bad error path in GNTTABOPmapgrant where grant table operations incorrectly return a positive value instead of a negative number for errors. This vulnerability affects systems running any version of Xen with the XSA-295 fixes, particularly those using Linux-based dom0 or driver domains (Xen Advisory).

The vulnerability stems from misplaced brackets in the code that cause an error path to return 1 instead of the expected negative value for errors. Grant table operations are designed to return 0 for success and negative numbers for errors. The Linux grant table code interprets this unexpected positive return value as a success condition and proceeds with incorrectly initialized state. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability allows a buggy or malicious guest to construct its grant table in such a way that when a backend domain attempts to map a grant, it triggers the incorrect error path. This results in a crash of the Linux-based dom0 or backend domain. Systems running FreeBSD or NetBSD based dom0 or driver domains are not impacted as they treat any nonzero value as a failure (Xen Advisory).

Two mitigation paths are available: applying Linux patches alone is sufficient to mitigate the issue, which might be preferred for systems supporting Linux livepatching but not Xen. Alternatively, applying both the Xen patch and Linux patch is recommended for complete resolution. The Xen patch fixes the error return value, while the Linux patch makes Linux's behavior more robust to unexpected values (Xen Advisory).