U-232: Xen p2m_teardown() Bug Lets Local Guest OS Users Deny Service on the Host OS

August 10, 2012 - 7:00am

PROBLEM:

Xen p2m_teardown() Bug Lets Local Guest OS Users Deny Service on the Host OS

PLATFORM:

This vulnerability affects only Xen 4.0 and 4.1. Xen 3.4 and earlier and xen-unstable are not vulnerable.

ABSTRACT:

A vulnerability was reported in Xen. A local user on a guest operating system can cause denial of service conditions on the host.

REFERENCE LINKS:

Xen Security Announcements
SecurityTracker Alert ID: 1027365
seclists.org
CVE-2012-3433

IMPACT ASSESSMENT:

Medium

Discussion:

An HVM guest is able to manipulate its physical address space such that tearing down the guest takes an extended period of time searching for shared pages.
This causes the domain 0 VCPU which tears down the domain to be blocked in the destroy hypercall. This causes that domain 0 VCPU to become unavailable and may cause the domain 0 kernel to panic.
There is no requirement for memory sharing to be in use.

Impact:

A guest kernel can cause the host to become unresponsive for a period of time, potentially leading to a DoS.

Solution:

Xen Download
