XSA-97: Long latency virtual-mmu operations are not preemptible

Source: Xen Project (xenbits.xen.org)
Published: 2014-08-12 12:00:00

CVSS2: 4.7 Medium (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.001 Low (Percentile: 26.0%)

ISSUE DESCRIPTION

Some MMU virtualization operations on HVM guests must process every page assigned to a guest. For larger guests, this can tie up a vcpu for a significant amount of time, as the operations are not preemptible.
For guests using Hardware Assisted Paging (HAP, see below) this is CVE-2014-5146. For guests not using HAP this is CVE-2014-5149.

IMPACT

A malicious HVM guest with a large allocation of shadow/p2m RAM can mount a denial of service attack affecting the whole system.

VULNERABLE SYSTEMS

ARM systems are not vulnerable.
All x86 Xen versions are vulnerable.
The vulnerability is only exposed to HVM guests.
In the default configuration, the vulnerability is only exposed to large guests (guests assigned more than 128Gbytes of memory).
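
The conditions above can be checked against guest configuration files. The following is an added example, not code from the advisory or the Xen Project: it classifies xl guest configs by the advisory's criteria (HVM only, more than 128Gbytes in the default configuration, HAP versus non-HAP CVE). It assumes an x86 host, the xl.cfg keys `type`/`builder`, `memory`, `maxmem`, `hap` and `shadow_memory`, and reads 128Gbytes as 128 GiB; the sample configs are constructed.

```python
import re

THRESHOLD_MIB = 128 * 1024  # advisory's "128Gbytes", read here as 128 GiB (assumption)

# Constructed sample xl.cfg contents, not taken from the advisory.
SAMPLE_CONFIGS = {
    "db-big": 'builder = "hvm"\nmemory = 262144\n',
    "web-small": 'type = "hvm"\nmemory = 4096\nhap = 0\n',
    "pv-big": 'type = "pv"\nmemory = 262144\n',
    "tuned": 'builder = "hvm"\nmemory = 8192\nshadow_memory = 2048\n',
    "balloon": 'type = "hvm"\nmemory = 65536\nmaxmem = 196608  # ceiling\n',
}

_ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")


def parse_cfg(text):
    """Parse scalar `key = value` lines; list values are kept as raw strings."""
    cfg = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line.split("#", 1)[0])  # drop trailing comments
        if m:
            cfg[m.group(1)] = m.group(2).strip("\"'")
    return cfg


def assess(text):
    """Return (exposure, cve) for one guest config on an x86 host."""
    cfg = parse_cfg(text)
    if "hvm" not in (cfg.get("type"), cfg.get("builder")):
        return ("not-exposed", None)  # only HVM guests are exposed
    # Assumption: HAP is on unless the config turns it off explicitly.
    hap = cfg.get("hap", "1").lower() not in ("0", "false", "no", "off")
    cve = "CVE-2014-5146" if hap else "CVE-2014-5149"
    if "shadow_memory" in cfg:
        return ("review", cve)  # non-default shadow/p2m pool: check by hand
    # Conservative: use the larger of memory and maxmem (both in MiB).
    mem_mib = max(int(cfg.get("memory", 0)), int(cfg.get("maxmem", 0)))
    return ("exposed" if mem_mib > THRESHOLD_MIB else "below-threshold", cve)


def scan(configs):
    """Map guest name -> (exposure, cve)."""
    return {name: assess(text) for name, text in configs.items()}


if __name__ == "__main__":
    for name, (exposure, cve) in scan(SAMPLE_CONFIGS).items():
        print(f"{name:10} {exposure:16} {cve or '-'}")
```

A guest reported as `review` sets its own shadow/p2m allocation, so the 128Gbytes default-configuration figure does not decide its exposure.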

CPE
Name: xen
Operator: eq
Version: any
