CVSS2: 4.9 Medium (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
EPSS: 0.001 Low
Percentile: 25.6%
A domain’s xenoprofile state contains an array of per-vcpu information. The array is allocated once in the lifetime of a domain, either when that domain uses the XENOPROF_get_buffer hypercall on itself, or when a domain with the privilege to profile a target domain uses the XENOPROF_set_passive hypercall.
This array is leaked on domain teardown. This memory leak could – over time – exhaust the host’s memory.
The following parties can mount a denial of service attack affecting the whole system:
Versions of Xen from 4.0 onwards are vulnerable.
The XENOPROF hypercalls are only implemented on x86. ARM is therefore not vulnerable.
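The leak pattern described above, as an added example: a simplified user-space model, not Xen source code and not taken from the advisory. All structure and function names are hypothetical, and the model assumes the rest of the profiling state is released correctly, so only the per-vcpu array is left behind. It shows how the bytes lost grow with the number of domain create/destroy cycles, and that freeing the array at teardown brings the count back to zero.

```c
/* Simplified model of the leak; not Xen source, all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

static long live_bytes;   /* bytes allocated by the model and not yet freed */
struct vcpu_prof { void *buffer; size_t bufsize; };       /* per-vcpu info */
struct xenoprof_state { struct vcpu_prof *vcpu; };
struct domain { unsigned int max_vcpus; struct xenoprof_state *xenoprof; };

/* One-time allocation, as triggered by the first get_buffer/set_passive. */
static int xenoprof_alloc(struct domain *d)
{
    struct xenoprof_state *x;
    if (d->xenoprof) return 0;        /* already allocated for this domain */
    if (!(x = calloc(1, sizeof(*x)))) return -1;
    x->vcpu = calloc(d->max_vcpus, sizeof(*x->vcpu));
    if (!x->vcpu) { free(x); return -1; }
    live_bytes += (long)(sizeof(*x) + d->max_vcpus * sizeof(*x->vcpu));
    d->xenoprof = x;
    return 0;
}

/* fixed == 0 reproduces the bug: the per-vcpu array is never released. */
static void xenoprof_teardown(struct domain *d, int fixed)
{
    struct xenoprof_state *x = d->xenoprof;
    if (!x) return;
    if (fixed) {
        live_bytes -= (long)(d->max_vcpus * sizeof(*x->vcpu));
        free(x->vcpu);
    }
    live_bytes -= (long)sizeof(*x);
    free(x);
    d->xenoprof = NULL;
}

/* Create, profile and destroy `cycles` domains; return bytes left behind. */
static long churn(unsigned int cycles, unsigned int vcpus, int fixed)
{
    live_bytes = 0;
    for (unsigned int i = 0; i < cycles; i++) {
        struct domain d = { .max_vcpus = vcpus, .xenoprof = NULL };
        if (xenoprof_alloc(&d) == 0) xenoprof_teardown(&d, fixed);
    }
    return live_bytes;
}
int main(void)
{
    printf("vulnerable: %ld bytes, fixed: %ld bytes\n", churn(1000, 8, 0), churn(1000, 8, 1));
    return 0;
}
```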