Description of the problem:
An HVM guest is able to manipulate its physical address space such
that tearing down the guest takes an extended period amount of
time searching for shared pages.
This causes the domain 0 VCPU which tears down the domain to be
blocked in the destroy hypercall. This causes that domain 0 VCPU to
become unavailable and may cause the domain 0 kernel to panic.
There is no requirement for memory sharing to be in use.
A privileged user in HVM guest can cause the host to become
unresponsive for a period of time, potentially leading to a DoS. PV
guests are not affected.
This vulnerability affects only Xen 4.0 and 4.1. Xen 3.4 and earlier
and xen-unstable are not vulnerable.
Acknowledgements:
Red Hat would like to thank the Xen for reporting this issue.
Petr, this doesn't seem to affect RHEL. None of the patched code is part of RHEL (we never really backported anything in this area after 5.3/5.4, and those corresponded roughly to Xen 3.2 -> 3.4).
(In reply to comment #2)
> Petr, this doesn't seem to affect RHEL. None of the patched code is part of
> RHEL (we never really backported anything in this area after 5.3/5.4, and
> those corresponded roughly to Xen 3.2 -> 3.4).
You are right, thank you for having a look.
Statement:
Not vulnerable.
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6,
and Red Hat Enterprise MRG are not affected.
The versions of the kernel-xen packages as shipped with Red Hat Enterprise Linux 5 are not affected because we did not provide support for memory sharing functionality.