On ARM systems the code which deals with virtualising the GIC
distributor would, under various circumstances, log messages on a
guest accessible code path without appropriate rate limiting.
A malicious guest could cause repeated logging to the hypervisor
console, leading to a Denial of Service attack.
Xen 4.4 and later systems running on ARM hardware are vulnerable.
x86 systems are not affected.
The problematic log messages are issued with priority Warning.
Therefore they can be rate limited by adding "loglvl=error/warning" to the
hypervisor command line or suppressed entirely by adding "loglvl=error".
Applying the attached patch(es) resolves this issue.
This issue did not affect the versions of xen as shipped with Red Hat Enterprise Linux 5.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Julien Grall as the original reporter.
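A check for the `loglvl` mitigation described above, as an added example that is not part of the original report or of Xen's own tooling: the shell function classifies a hypervisor command line (for instance the `xen_commandline` field printed by `xl info`) by how it treats Warning-priority messages. It assumes Xen's documented default of `loglvl=warning` when the option is absent and that the last `loglvl=` on the line takes effect; the function names and sample command lines are constructed.

```shell
#!/bin/sh
# Added example: classify a Xen command line against the loglvl mitigation.
# Prints one of: suppressed | rate-limited | unmitigated

# Severity rank of a loglvl name; unrecognised names rank highest so the
# result errs towards "unmitigated".
rank() {
    case $1 in
        none) echo 0 ;; error) echo 1 ;; warning) echo 2 ;;
        info) echo 3 ;; debug) echo 4 ;; all) echo 5 ;;
        *) echo 9 ;;
    esac
}

classify_loglvl() (
    set -f                      # no globbing while splitting the command line
    value=warning               # assumption: Xen default when loglvl= is absent
    for tok in $1; do
        case $tok in
            loglvl=*) value=${tok#loglvl=} ;;   # guest_loglvl= does not match
        esac                    # assumption: a repeated option's last value wins
    done
    always=$(rank "${value%%/*}")               # printed unconditionally up to here
    case $value in
        */*) limited=$(rank "${value#*/}") ;;   # printed rate limited up to here
        *)   limited=$always ;;
    esac
    if [ "$limited" -lt "$always" ]; then limited=$always; fi
    warn=$(rank warning)
    if [ "$always" -ge "$warn" ]; then echo unmitigated
    elif [ "$limited" -ge "$warn" ]; then echo rate-limited
    else echo suppressed
    fi
)

# Constructed sample command lines (not taken from any real host).
for sample in \
    "console=dtuart dom0_mem=512M" \
    "console=dtuart loglvl=error/warning" \
    "loglvl=error guest_loglvl=all" \
    "guest_loglvl=error loglvl=all"
do
    printf '%-40s %s\n' "$sample" "$(classify_loglvl "$sample")"
done
```
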
Created attachment 985562
Created attachment 985563
Created attachment 985564
Fedora isn't affected as we haven't yet built xen on ARM. The patches have however been applied to xen-4.5.0-1.fc22 and the other Fedora versions will have patched code when xen-4.4.2 and xen-4.3.4 (currently both at -rc1) are released.
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1563 to
the following vulnerability:
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows
local guests to cause a denial of service by causing a large number
of messages to be logged.
xen-4.4.1-16.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.