Vigil@nce - Xen: denial of service via Kernel/RamDisk Size
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is administrator in a guest system, can enlarge
the kernel/ramdisk size, in order to create a denial of service on
the host system.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 26/10/2012
DESCRIPTION OF THE VULNERABILITY
The Linux kernel is stored in a file. When the system starts, this
kernel uses the ramdisk (a file system stored in RAM memory).
However, if the kernel/ramdisk size is larger than the allocated
RAM for the guest system, the host system consumes resources to
start this kernel. ParaVirtualized systems with pygrub are
vulnerable.
An attacker, who is administrator in a guest system, can therefore
enlarge the kernel/ramdisk size, in order to create a denial of
service on the host system.
This vulnerability is a variant of VIGILANCE-VUL-11650
(https://vigilance.fr/tree/1/11650).
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-Kernel-RamDisk-Size-12096