Xen p2m_teardown() Bug Lets Local Guest OS Users Deny Service on the Host OS
This vulnerability affects only Xen 4.0 and 4.1. Xen 3.4 and earlier and xen-unstable are not vulnerable.
A vulnerability was reported in Xen. A local user on a guest operating system can cause denial of service conditions on the host.
An HVM guest is able to manipulate its physical address space such that tearing down the guest takes an extended period of time, spent searching for shared pages.
As a result, the domain 0 VCPU that tears down the domain is blocked in the destroy hypercall. That domain 0 VCPU becomes unavailable, which may cause the domain 0 kernel to panic.
There is no requirement for memory sharing to be in use.
A guest kernel can cause the host to become unresponsive for a period of time, potentially leading to a DoS.