Vigil@nce: Linux kernel, denial of service via xen
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker in a Xen guest system can reopen a XenBus device so
that kernel resources are never freed, which creates a denial of
service.
– Severity: 1/4
– Creation date: 25/11/2010
DESCRIPTION OF THE VULNERABILITY
The XenBus bus is used by para-virtualized devices to communicate
between domains.
The blkback, blktap and netback devices use XenBus. However, when
the bus is reopened without being closed, these devices do not
free a kernel thread. The xenwatch task then blocks, and
management commands (xm utility) stop working.
An attacker in a Xen guest system can therefore reopen a XenBus
device so that kernel resources are never freed, which creates a
denial of service.
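The leak described above, as a simplified model added here for illustration (not code from the bulletin or from the Linux kernel): a backend that starts a worker on every connect leaks one worker per reopen, while a handler that tears down the old worker first does not. The state names, struct and function names are assumptions, and the kernel thread is modelled as a counter.

```c
#include <stdio.h>

/* Assumed, simplified frontend states a backend device reacts to. */
enum fe_state { FE_INITIALISING, FE_CONNECTED, FE_CLOSED };

struct backend {
    int worker;        /* id of the worker the device tracks, 0 = none */
    int live_workers;  /* workers started and not yet stopped */
    int next_id;
};

static void start_worker(struct backend *b) {
    b->worker = ++b->next_id;   /* any previous id is overwritten */
    b->live_workers++;
}

static void stop_worker(struct backend *b) {
    if (b->worker) { b->worker = 0; b->live_workers--; }
}

/* Leaky handler: assumes every connect was preceded by a close. */
static void on_state_leaky(struct backend *b, enum fe_state s) {
    if (s == FE_CONNECTED) start_worker(b);
    else if (s == FE_CLOSED) stop_worker(b);
}

/* Hardened handler: any state change, including a reopen, first
 * releases the worker the device already owns. */
static void on_state_fixed(struct backend *b, enum fe_state s) {
    stop_worker(b);
    if (s == FE_CONNECTED) start_worker(b);
}

/* Replays `reopens` open cycles with no close in between, then one
 * final close; returns the number of workers still alive. */
static int leaked_after(void (*h)(struct backend *, enum fe_state), int reopens) {
    struct backend b = {0, 0, 0};
    for (int i = 0; i < reopens; i++) {
        h(&b, FE_INITIALISING);
        h(&b, FE_CONNECTED);
    }
    h(&b, FE_CLOSED);
    return b.live_workers;
}

int main(void) {
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_after(on_state_leaky, 5), leaked_after(on_state_fixed, 5));
    return 0;
}
```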
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-xen-10153