Vigil@nce - Xen: buffer overflow of pyxc_vcpu_setaffinity
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the system uses the Python libxc Toolstack, a guest
administrator can generate a buffer overflow in
pyxc_vcpu_setaffinity() of Xen, in order to trigger a denial of
service, and possibly to execute code.
Impacted products: Fedora, Unix (platform)
Severity: 2/4
Creation date: 21/05/2013
DESCRIPTION OF THE VULNERABILITY
Xen can be configured with a Python libxc, xl or xapi Toolstack.
The pyxc_vcpu_setaffinity() function of tools/python/xen/lowlevel/xc/xc.c
defines the affinity of a VCPU. However, this function does not
check if the VCPU number is larger than the size of the array
storing information.
When the system uses the Python libxc Toolstack, a guest
administrator can therefore generate a buffer overflow in
pyxc_vcpu_setaffinity() of Xen, in order to trigger a denial of
service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-buffer-overflow-of-pyxc-vcpu-setaffinity-12845