The Python bindings for the xc_vcpu_setaffinity call do not properly check their inputs. Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory.
An attacker who is able to configure a specific vcpu affinity via a toolstack which uses the Python bindings is able to exploit this issue. Exploiting this issue leads to memory corruption which may result in a DoS against the system by crashing the toolstack. The possibility of code execution (privilege escalation) has not been ruled out. The xend toolstack passes a cpumap to this function without sanitization. xend allows the cpumap to be configured via the guest configuration file or the SXP/XenAPI interface. Normally these interfaces are not considered safe to expose to non-trusted parties. However, systems which attempt to allow guest administrator control of VCPU affinity in a safe way via xend may expose this issue.
Xen versions 4.0 and later contain this flaw. Only systems which allow the specification of cpu affinity masks by untrusted guest administrators are vulnerable. Normally the cpu affinity is specified by the host administrator as part of the guest configuration; there is then no vulnerability. Only systems which use the libxc Python bindings are vulnerable. Toolstacks which do not use Python, such as xl or xapi, are not vulnerable.
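
The following is an added example, not code from Xen or xend: a sketch of validating an untrusted cpumap at the toolstack boundary before it is handed to the Python bindings. It assumes that a cpumap is a list of physical CPU indices and that the host CPU count (nr_cpus) comes from a trusted source; sanitize_cpumap, set_affinity_checked and the setaffinity callable are hypothetical names.

```python
# Added example (Python 3), not Xen or xend code.
# Assumptions: a cpumap is a list of physical CPU indices; nr_cpus comes from
# a trusted source (the host), never from the guest administrator's request.

class CpumapError(ValueError):
    """An untrusted cpumap that must not be passed to the bindings."""


def sanitize_cpumap(cpumap, nr_cpus):
    """Return a sorted, de-duplicated copy of cpumap, or raise CpumapError.

    Bad input is rejected rather than clamped, so the caller can log it.
    """
    if isinstance(nr_cpus, bool) or not isinstance(nr_cpus, int) or nr_cpus < 1:
        raise CpumapError("nr_cpus must be a positive integer")
    if not isinstance(cpumap, (list, tuple)):
        raise CpumapError("cpumap must be a list of CPU indices")
    valid = set()
    for cpu in cpumap:
        # bool is a subclass of int; reject it along with str, float, None.
        if isinstance(cpu, bool) or not isinstance(cpu, int):
            raise CpumapError("non-integer cpumap entry: %r" % (cpu,))
        if not 0 <= cpu < nr_cpus:
            raise CpumapError("CPU index %d outside 0..%d" % (cpu, nr_cpus - 1))
        valid.add(cpu)
    return sorted(valid)


def set_affinity_checked(setaffinity, domid, vcpu, cpumap, nr_cpus):
    """Validate first, then call the binding.

    setaffinity is a hypothetical callable standing in for whatever wrapper
    the toolstack uses around the libxc Python binding.
    """
    clean = sanitize_cpumap(cpumap, nr_cpus)
    return setaffinity(domid, vcpu, clean)


if __name__ == "__main__":
    calls = []
    fake_binding = lambda d, v, m: calls.append((d, v, m))  # constructed stand-in
    set_affinity_checked(fake_binding, 5, 0, [3, 1, 1], nr_cpus=4)
    for bad in ([4], [-1], ["1"], [2 ** 64], "0-3"):        # constructed inputs
        try:
            set_affinity_checked(fake_binding, 5, 0, bad, nr_cpus=4)
        except CpumapError as exc:
            print("rejected:", exc)
    print("calls that reached the binding:", calls)
```

A check of this kind in the toolstack limits exposure only; it does not correct the missing input checks in the bindings themselves.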