Vigil@nce - Xen 4.2: denial of service via debugging
January 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When debugging is enabled in Xen, an administrator located in a
guest system can stop the host system.
– Impacted products: Unix (platform)
– Severity: 1/4
– Creation date: 04/01/2013
DESCRIPTION OF THE VULNERABILITY
The Xen hypervisor can be compiled and configured with debugging
enabled.
In this case, when an administrator in a paravirtualized guest
system issues an invalid hypercall, the __get_page_type() memory
function can return EINTR or EAGAIN. However, the get_page_type()
function in the xen/arch/x86/mm.c file does not expect to receive
these values, and triggers an assertion failure, which stops the
hypervisor.
When debugging is enabled in Xen, an administrator located in a
guest system can therefore stop the host system.
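The failure pattern described above, as an added example that is not part of the original bulletin and is not Xen source code: a wrapper asserts on a return value that a guest request can influence, shown beside a wrapper that treats every error as an ordinary failure. All function names, the exact assertion condition and the counting macro are assumptions made for this simplified model.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified model, not Xen source. In a debug hypervisor build a failed
 * assertion halts the host; here it is only counted so the demo keeps running. */
static int assertion_failures;
#define MODEL_ASSERT(cond) do { if (!(cond)) assertion_failures++; } while (0)

/* Constructed stand-in for the inner routine: the result is chosen by the
 * caller to simulate what a guest-supplied request can make it return. */
static int inner_get_page_type(int simulated_result)
{
    return simulated_result;   /* 0, -EINVAL, -EINTR or -EAGAIN */
}

/* Fragile wrapper: assumes the only possible failure is -EINVAL. */
static int get_type_fragile(int simulated_result)
{
    int rc = inner_get_page_type(simulated_result);
    if (rc == 0)
        return 1;
    MODEL_ASSERT(rc == -EINVAL);   /* guest-reachable: trips on -EINTR/-EAGAIN */
    return 0;
}

/* Defensive wrapper: every non-zero result is an ordinary failure that is
 * reported to the caller; nothing guest-influenced feeds an assertion. */
static int get_type_defensive(int simulated_result)
{
    int rc = inner_get_page_type(simulated_result);
    return rc == 0;
}

/* Runs a wrapper over all modelled results and returns the assertion count. */
static int count_trips(int (*wrapper)(int))
{
    static const int results[] = { 0, -EINVAL, -EINTR, -EAGAIN };
    assertion_failures = 0;
    for (size_t i = 0; i < sizeof results / sizeof results[0]; i++)
        (void)wrapper(results[i]);
    return assertion_failures;
}

int main(void)
{
    printf("fragile wrapper:   %d assertion failures\n", count_trips(get_type_fragile));
    printf("defensive wrapper: %d assertion failures\n", count_trips(get_type_defensive));
    return 0;
}
```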
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-4-2-denial-of-service-via-debugging-12284