Certain domctl operations may be abused to lock up the host

ID XSA-127
Type xen
Reporter Xen Project
Modified 2015-03-31T12:09:00



XSA-77 put the majority of the domctl operations on a list that exempts them from having security advisories issued for any security-hampering effects their use might have. Subsequently some of them were declared disaggregation safe, but for a small subset this was not really correct: their (mis-)use may result in host lockups. As a result, the potential security benefits of toolstack disaggregation are not always fully realised.


Domains deliberately given partial management control may be able to deny service to the entire host. As a result, in a system designed to enhance security by radically disaggregating the management, the security may be reduced. However, the security will be no worse than in a non-disaggregated design.


Xen versions 4.3 onwards are vulnerable. Xen versions 4.2 and earlier do not have the described disaggregation functionality and hence are not vulnerable.