ISSUE DESCRIPTION
=================
When shutting down a VM with a stubdomain, a race in cxenstored may
cause a double-free.
IMPACT
======
The xenstored daemon may crash, resulting in a DoS of any parts of the
system relying on it (including domain creation / destruction,
ballooning, device changes, etc).
VULNERABLE SYSTEMS
==================
All versions of Xen are vulnerable.
Only systems running the C version os xenstored ("xenstored") are
vulnerable; systems running the Ocaml version ("oxenstored") are not
vulnerable.
Only systems running devicemodel stubdomains are vulnerable. Only x86
HVM guests can use stubdomains. Therefore ARM systems, x86 systems
running only PV guests, and x86 systems running HVM guests with the
devicemodel not in a stubdomain (eg in dom0), are not vulnerable.
MITIGATION
==========
Running oxenstored will mitigate this issue. Not using stubdomains
will also mitigate the issue.
External References:
http://xenbits.xen.org/xsa/advisory-233.html
ISSUE DESCRIPTION ================= When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. IMPACT ====== The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc). VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. Only systems running the C version os xenstored ("xenstored") are vulnerable; systems running the Ocaml version ("oxenstored") are not vulnerable. Only systems running devicemodel stubdomains are vulnerable. Only x86 HVM guests can use stubdomains. Therefore ARM systems, x86 systems running only PV guests, and x86 systems running HVM guests with the devicemodel not in a stubdomain (eg in dom0), are not vulnerable. MITIGATION ========== Running oxenstored will mitigate this issue. Not using stubdomains will also mitigate the issue. External References: http://xenbits.xen.org/xsa/advisory-233.html