CVE-2020-29567: 
NixOS vulnerability analysis and mitigation

An issue was discovered in Xen 4.14.x affecting IRQ vector management. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. The vulnerability was discovered by Roger Pau Monné of Citrix and publicly disclosed on December 15, 2020. The issue affects x86 systems running Xen 4.14.x, while Xen versions 4.13 and older, as well as Arm systems, are not vulnerable (Xen Advisory).

The vulnerability occurs during the IRQ vector cleanup process. When certain conditions for de-allocation are not met during the initial check, the checking CPU sends an interrupt to itself, expecting the IRQ to be delivered only after the condition preventing the cleanup has cleared. However, for two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts. This renders the affected CPU effectively unusable. The issue has been assigned a CVSS v3.1 Base Score of 6.2 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

A domain with a passed-through PCI device can exploit this vulnerability to cause a lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. The impact is limited to systems where guests have physical PCI devices passed through to them (Xen Advisory).

There were no known mitigations for this vulnerability at the time of disclosure. The issue was resolved through a patch release, and affected users were advised to update to the patched version. The fix was included in security updates for various distributions, including Fedora 33 (version 4.14.0-14.fc33) and Gentoo (versions >= 4.14.2-r1) (Fedora Update, Gentoo Advisory).