Vigil@nce - Xen: denial of service via XEN_DOMCTL_memory_mapping
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker located in an x86 HVM guest with a PCI device in
passthrough can use XEN_DOMCTL_memory_mapping() on Xen to
trigger a denial of service.
– Impacted products: Fedora, Unix (platform)
– Severity: 1/4
– Creation date: 31/03/2015
DESCRIPTION OF THE VULNERABILITY
The XEN_DOMCTL_memory_mapping() hypercall associates a machine
input/output address with an HVM address.
However, this hypercall is not preemptible (that is, it cannot be
interrupted while it is waiting).
An attacker located in an x86 HVM guest with a PCI device in
passthrough can therefore use XEN_DOMCTL_memory_mapping() on Xen
to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-XEN-DOMCTL-memory-mapping-16502