add-to-physmap error paths fail to release lock on ARM

2017-08-23T15:16:00
ID XSA-235
Type xen
Reporter Xen Project
Modified 2017-08-23T15:16:00

Description

ISSUE DESCRIPTION

When dealing with the grant map space of add-to-physmap operations, ARM specific code recognizes a number of error conditions, but fails to release a lock being held on the respective exit paths.

IMPACT

A malicious guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for an indefinite period of time.

VULNERABLE SYSTEMS

Xen versions 4.4 and later are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only ARM systems are affected. X86 systems are not affected.