Vigil@nce - Xen: denial of service via HVM p2m
August 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is located in a Xen HVM guest system, can arrange
his memory space, in order to create a denial of service on the
host system.
Severity: 1/4
Creation date: 10/08/2012
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
A Xen guest system can be configured in HVM (Hardware Assisted
Virtualization) mode, in order to use resources of the real
physical system.
The xen/arch/x86/mm/p2m.c file implements the mapping
Physical-to-Machine. The p2m_teardown() function is called when
the guest system is stopped, in order to free shared memory pages.
However, if the guest system has no pages, this function
indefinitely loops.
An attacker, who is located in a Xen HVM guest system, can
therefore arrange his memory space, in order to create a denial of
service on the host system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-HVM-p2m-11838