Xen ProjectXSA-201ARM guests may induce host asynchronous abort
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
25.6%
ISSUE DESCRIPTION
Depending on how the hardware and firmware have been integrated, guest-triggered asynchronous aborts (SError on ARMv8) may be received by the hypervisor. The current action is to crash the host.
A guest might trigger an asynchronous abort when accessing memory mapped hardware in a non-conventional way. Even if device pass-through has not been configured, the hypervisor may give the guest access to memory mapped hardware in order to take advantage of hardware virtualization.
The CVEs are as follows: xsa201-1.patch CVE-2016-9815 xsa201-2.patch CVE-2016-9816 xsa201-3-*.patch CVE-2016-9817 xsa201-4.patch CVE-2016-9818
IMPACT
A malicious guest may be able to crash the host.
VULNERABLE SYSTEMS
All Xen versions which support ARM are potentially affected.
Whether a particular ARM systems is affected depends on technical details of the hardware and/or firmware.
x86 systems are not affected.
Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
25.6%