Vigil@nce - Xen: denial of service via Event Channel Port Allocation

July 2020 by Vigil@nce

This bulletin was written by Vigil@nce: https://vigilance.fr/?langue=2

SYNTHESIS OF THE VULNERABILITY

Impacted products: Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.

Severity: 1/4.

Consequences: denial of service on server, denial of service on service.

Provenance: privileged shell.

Confidence: confirmed by the editor (5/5).

Creation date: 07/07/2020.

DESCRIPTION OF THE VULNERABILITY

An attacker inside a guest system can trigger a fatal error via Xen's Event Channel Port Allocation, causing a denial of service on the host system.

