Xen Project XSA-410
Oct 11, 2022 - 10:57 a.m.

P2M pool freeing may take excessively long

xenbits.xen.org
Tags: p2m pool, freeing delay, preemption checks, dos, xen, x86, arm

CVSS3: 6.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS: 0
Percentile: 14.2%

ISSUE DESCRIPTION

The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.
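
The kind of intermediate preemption check described above, shown as a self-contained model. This is an added example, not Xen source code and not the XSA-410 patch; the pool layout, the batch size of 512, the return codes and every function name are assumptions made for illustration.

```c
/* Added illustration: a hypothetical model, not Xen source code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

struct page { struct page *next; };
struct pool { struct page *free_list; size_t total_pages; };

#define PREEMPT_BATCH 512   /* assumed: pages freed between preemption checks */
enum { RC_DONE = 0, RC_RESTART = 1 };

typedef bool (*preempt_fn)(void);   /* stand-in for "is other work pending?" */
bool always_preempt(void) { return true; }
bool never_preempt(void)  { return false; }

/* Grow the pool by n pages (constructed input for the model). */
void pool_fill(struct pool *p, size_t n)
{
    while (n--) {
        struct page *pg = malloc(sizeof(*pg));
        if (!pg) abort();
        pg->next = p->free_list;
        p->free_list = pg;
        p->total_pages++;
    }
}

/* Free pages in bounded batches. RC_RESTART tells the caller to give up
 * the CPU and call again; progress is kept in the pool itself. */
int pool_free_preemptible(struct pool *p, preempt_fn need_preempt)
{
    size_t freed = 0;
    while (p->free_list) {
        struct page *pg = p->free_list;
        p->free_list = pg->next;
        free(pg);
        p->total_pages--;
        /* Without this check the loop runs for the whole pool in one go. */
        if (++freed % PREEMPT_BATCH == 0 && p->free_list && need_preempt())
            return RC_RESTART;
    }
    return RC_DONE;
}

/* Number of bounded invocations needed to tear down a pool of n pages. */
size_t teardown_calls(size_t n, preempt_fn need_preempt)
{
    struct pool p = { NULL, 0 };
    size_t calls = 0;
    pool_fill(&p, n);
    do { calls++; } while (pool_free_preemptible(&p, need_preempt) == RC_RESTART);
    return p.total_pages == 0 ? calls : 0;
}
```

With `never_preempt` the model behaves like the unpatched case: the whole pool is freed in a single uninterrupted call, however large it is.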

IMPACT

A group of collaborating guests can cause the temporary locking up of a CPU, potentially leading to a Denial of Service (DoS) affecting the entire host.

VULNERABLE SYSTEMS

All Xen versions are vulnerable.
x86 HVM and PVH guests as well as Arm guests can trigger the vulnerability. x86 PV guests cannot trigger the vulnerability.
