Xen Project XSA-233

cxenstored: Race in domain cleanup

2017-09-12 12:00:00
Xen Project
xenbits.xen.org

CVSS3: 5.6 Medium
  Attack Vector:          LOCAL
  Attack Complexity:      HIGH
  Privileges Required:    LOW
  User Interaction:       NONE
  Scope:                  CHANGED
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    HIGH
  Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS2: 4.7 Medium
  Access Vector:          LOCAL
  Access Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    COMPLETE
  Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.001 Low (Percentile: 25.6%)

ISSUE DESCRIPTION

When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free.

IMPACT

The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).

VULNERABLE SYSTEMS

All versions of Xen are vulnerable.
Only systems running the C version of xenstored ("xenstored") are vulnerable; systems running the OCaml version ("oxenstored") are not vulnerable.
Only systems running device model stubdomains are vulnerable. Only x86 HVM guests can use stubdomains. Therefore ARM systems, x86 systems running only PV guests, and x86 systems running HVM guests with the device model not in a stubdomain (e.g. in dom0), are not vulnerable.

CPE
  Name: xen   Operator: eq   Version: any
