Xen Project XSA-90
Mar 24, 2014 - 1:00 p.m.

Linux netback crash trying to disable due to malformed packet

2014-03-24 13:00:00
Xen Project
xenbits.xen.org

CVSS2: 4.4 Medium (AV:L/AC:M/Au:S/C:N/I:N/A:C)

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.001 Low
Percentile: 25.6%

ISSUE DESCRIPTION

When Linux’s netback sees a malformed packet, it tries to disable the interface which serves the misbehaving frontend.
This involves taking a mutex, which might sleep. But in recent versions of Linux the guest transmit path is handled by NAPI in softirq context, where sleeping is not allowed. The end result is that the backend domain (often, Dom0) crashes with “scheduling while atomic”.

IMPACT

Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact is a host crash.

VULNERABLE SYSTEMS

This bug affects systems using Linux as the driver domain, including non-disaggregated systems using Linux as dom0.
Only versions of Linux whose netback uses NAPI are affected. In Linux mainline this is all versions of Linux containing git changeset b3f980bd82, which was introduced between Linux 3.11 and 3.12-rc1.
Systems using a different OS as dom0 (e.g., NetBSD, Solaris) are not vulnerable.
Both x86 and ARM systems are affected.
