Vigil@nce - Xen: denial of service via Linux netback
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who is an administrator in a guest system can send a
malicious netback packet to Xen installed on Linux in order to
trigger a denial of service.
– Impacted products: Unix (platform)
– Severity: 1/4
– Creation date: 24/03/2014
DESCRIPTION OF THE VULNERABILITY
The Xen netback driver is located in the Dom0 kernel, and it is
connected to the virtual network devices of DomU systems.
The Linux netback driver has changed since version 3.11: with
NAPI, an interface cannot be disabled immediately. However, if
the guest domain sends a malformed packet to netback, the driver
still tries to disable the interface immediately.
An attacker who is an administrator in a guest system can therefore
send a malicious netback packet to Xen installed on Linux in
order to trigger a denial of service.
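
The conditions described above (netback running in the Dom0 kernel, Linux 3.11 or later) can be turned into a quick host triage. This is an added example, not part of the Vigil@nce bulletin: the function names are hypothetical, and it assumes that `/proc/xen/capabilities` containing `control_d` identifies Dom0 and that `/sys/module/xen_netback` shows the driver is present. The bulletin names no fixed version and distribution kernels may carry backports, so a match is reported as "review" rather than as confirmed exposure.

```shell
#!/bin/sh
# Added example: triage for the netback condition described in this bulletin.

# kernel_at_least_3_11 RELEASE
# Returns 0 if RELEASE is >= 3.11, 1 if older, 2 if it cannot be parsed.
kernel_at_least_3_11() {
    ver=${1%%[!0-9.]*}              # "3.13.0-24-generic" -> "3.13.0"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 11 ]; }
}

# netback_triage RELEASE IS_DOM0 NETBACK_PRESENT   (last two: "yes" or "no")
# Prints one of: not-exposed, review, older-than-3.11, unknown-version
netback_triage() {
    # netback only runs in the Dom0 kernel; without it there is nothing to hit
    if [ "$2" != yes ] || [ "$3" != yes ]; then
        echo "not-exposed"
        return 0
    fi
    kernel_at_least_3_11 "$1" && rc=0 || rc=$?
    case "$rc" in
        0) echo "review" ;;           # 3.11+ with netback: check vendor fix status
        1) echo "older-than-3.11" ;;  # predates the change the bulletin describes
        *) echo "unknown-version" ;;
    esac
}

# netback_triage_host: gather the three inputs from the running system.
netback_triage_host() {
    dom0=no
    present=no
    grep -qs control_d /proc/xen/capabilities && dom0=yes
    [ -d /sys/module/xen_netback ] && present=yes
    netback_triage "$(uname -r)" "$dom0" "$present"
}

# Run against the local host only when asked: sh triage.sh --host
if [ "${1:-}" = "--host" ]; then
    netback_triage_host
fi
```
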
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-Linux-netback-14463