Xen ProjectXSA-97Long latency virtual-mmu operations are not preemptible
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
26.0%
ISSUE DESCRIPTION
Some MMU virtualization operations on HVM guests must process every page assigned to a guest. For larger guests, this can tie up a vcpu for a significant amount of time, as the operations are not preemptible.
For guests using Hardware Assisted Paging (HAP, see below) this is CVE-2014-5146. For guests not using HAP this is CVE-2014-5149.
IMPACT
A malicious HVM guest with a large allocation of shadow/p2m RAM can mount a denial of service attack affecting the whole system.
VULNERABLE SYSTEMS
ARM systems are not vulnerable.
All x86 Xen versions are vulnerable.
The vulnerability is only exposed to HVM guests.
In the default configuration, the vulnerability is only exposed to large guests (guests assigned more than 128Gbytes of memory).
Related
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
26.0%