ISSUE DESCRIPTION
=================
Allocation of pages used to communicate with external emulators did not
follow certain principles that are required for proper life cycle
management of guest exposed pages.

IMPACT
======
A compromised DM stubdomain may cause Xen to crash, resulting in a DoS
(Denial of Service) affecting the entire host. Privilege escalation
as well as information leaks cannot be ruled out.

VULNERABLE SYSTEMS
==================
Only Xen 4.11 is affected by this vulnerability. Xen 4.10 and older are
not affected.

Only systems running HVM guests with their device models in a
stubdomain are considered vulnerable. Note that attackers also need
to exploit the device model in order to have access to this
vulnerability.

Arm guests cannot leverage this vulnerability.
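
The scope conditions above can be checked against guest configuration files. The following is an added example, not code from the advisory or the Xen Project: it assumes guests are defined in xl.cfg-format files using the `type` (or legacy `builder`) and `device_model_stubdomain_override` keys, and that the hypervisor version string is supplied by the caller. It does not detect whether a given 4.11 build already carries the fix. The sample configurations are constructed.

```python
import re

AFFECTED_SERIES = (4, 11)  # from the advisory: only Xen 4.11 is affected

def parse_xl_cfg(text):
    """Collect top-level scalar `key = value` settings from xl.cfg text."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?);?$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings

def is_hvm(settings):
    # `type` is the current key; builder="hvm" is the legacy spelling.
    if "type" in settings:
        return settings["type"].lower() == "hvm"
    return settings.get("builder", "").lower() == "hvm"

def uses_stubdomain(settings):
    # Any non-zero integer enables the stubdomain device model.
    try:
        return int(settings.get("device_model_stubdomain_override", "0")) != 0
    except ValueError:
        return False

def xen_series(version):
    """Reduce a version string such as '4.11.1-pre' to (major, minor)."""
    m = re.match(r"(\d+)\.(\d+)", version)
    return (int(m.group(1)), int(m.group(2))) if m else None

def in_advisory_scope(xen_version, cfg_text):
    """True when both conditions from VULNERABLE SYSTEMS hold."""
    s = parse_xl_cfg(cfg_text)
    return (xen_series(xen_version) == AFFECTED_SERIES
            and is_hvm(s) and uses_stubdomain(s))

# Constructed sample guest configurations (not from the advisory).
SAMPLE_STUBDOM_HVM = '''
name = "guest-a"
type = "hvm"          # HVM guest
device_model_stubdomain_override = 1
'''
SAMPLE_PV = 'name = "guest-b"\ntype = "pv"\n'

if __name__ == "__main__":
    for label, cfg in (("guest-a", SAMPLE_STUBDOM_HVM), ("guest-b", SAMPLE_PV)):
        print(label, "in scope:", in_advisory_scope("4.11.0", cfg))
```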

MITIGATION
==========
Running only PV guests will avoid this vulnerability.

(The security of a Xen system using stub domains is still better than
with a qemu-dm running as an unrestricted dom0 process. Therefore
users with these configurations should not switch to an unrestricted
dom0 qemu-dm.)

References:
https://xenbits.xen.org/xsa/advisory-276.html