Lucene search

K
xenXen ProjectXSA-146
HistoryOct 29, 2015 - 11:59 a.m.

arm: various unimplemented hypercalls log without rate limiting

2015-10-2911:59:00
Xen Project
xenbits.xen.org
51

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

26.7%

ISSUE DESCRIPTION

The HYPERVISOR_physdev_op hypercall and most suboperations of the HYPERVISOR_hvm_op hypercall are not currently implemented by Xen on ARM and when called will log the use to the hypervisor console. However these guest accessible log messages are not rate-limited.

IMPACT

A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.

VULNERABLE SYSTEMS

Xen 4.4 and later systems running on ARM hardware are vulnerable.
x86 systems are not affected.

Affected configurations

Vulners
Node
xenxenMatch4.4
VendorProductVersionCPE
xenxen4.4cpe:2.3:o:xen:xen:4.4:*:*:*:*:*:*:*

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

26.7%