4.3 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
55.3%
The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM.
A malicious guest administrator can mount a denial of service attack affecting domain control and management functions.
In more detail:
A malicious guest administrator can cause oxenstored to crash; after this many host control operations (for example, starting and stopping domains, device hotplug, and some monitoring functions), will be unavailable. Domains which are already running are not directly affected.
Such an attacker can also cause a memory exhaustion in the domain running oxenstored; often this will make the host’s management functions unavailable.
Information leak of control plane data is also theoretically possible.
Any system running oxenstored is vulnerable. oxenstored was introduced in Xen version 4.1.
oxenstored was made the default in Xen 4.2.if a suitable ocaml toolchain was installed at build time.
Systems running a 32-bit oxenstored are vulnerable only to the crash and not to the large memory allocation issue.