Bug 1284933 - (CVE-2015-8341, xsa160) CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20151208,repor...
: Security
Depends On: 1289568
Blocks: 1504025
Reported: 2015-11-24 08:43 EST by Adam Mariš
Modified: 2017-12-12 01:07 EST
Doc Type: Bug Fix
Last Closed: 2017-12-12 01:07:33 EST


Attachments
xen-unstable (2.52 KB, patch)
2015-11-24 08:44 EST, Adam Mariš
Xen 4.3.x, 4.4.x (2.48 KB, patch)
2015-11-24 08:45 EST, Adam Mariš
Xen 4.5.x, 4.6.x (2.52 KB, patch)
2015-11-24 08:45 EST, Adam Mariš

Description Adam Mariš 2015-11-24 08:43:19 EST
When constructing a guest which is configured to use a PV bootloader which runs as a userspace process in the toolstack domain (e.g. pygrub), libxl creates a mapping of the files to be used as kernel and initial ramdisk when building the guest domain.

However, if building the domain subsequently fails, these mappings would not be released, leading to a leak of virtual address space in the calling process, as well as preventing the recovery of the temporary disk files containing the kernel and initial ramdisk.

For toolstacks which manage multiple domains within the same process, an attacker who is able to repeatedly start a suitable domain (or many such domains) can cause an out-of-memory condition in the toolstack process, leading to a denial of service.

Under the same circumstances an attacker can also cause files to accumulate on the toolstack domain filesystem (usually under /var in dom0) used to temporarily store the kernel and initial ramdisk, perhaps leading to a denial of service against arbitrary other services using that filesystem.

Both ARM and x86 systems using a libxl-based toolstack are potentially vulnerable.

Only libxl-based toolstacks which manage multiple domains in the same process (such as 'libvirt') are vulnerable. libxl-based toolstacks which manage only a single domain per process and which exit on failure to create a domain (such as 'xl') are not vulnerable. Toolstacks not using libxl are not vulnerable to this issue.

Only domains configured to use a PV bootloader in the toolstack domain (e.g. pygrub) will expose this issue. Domains configured to use pvgrub (a totally different program) are not vulnerable. x86 HVM domains are not vulnerable. Systems where the kernel and initial ramdisk are provided by the host administrator from files in domain 0 are not vulnerable.

Xen versions 4.1.x and later are vulnerable.

Avoiding the use of the PV bootloader mechanisms which run as processes in the toolstack domain (pygrub), either by providing kernels directly from the toolstack domain or using a PV bootloader which runs in guest context (such as pvgrub), will prevent exposure of this issue.
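
The leak pattern in the description above, as an added example that is not part of the bug report and is not libxl code: a failed build returns before the mapped kernel file and its temporary copy are released, next to a variant that releases them on every exit. All names (`boot_file`, `create_domain_leaky`, `create_domain_fixed`), the `/tmp` path and the file contents are hypothetical and constructed for illustration.

```c
/* Added illustration; every name here is hypothetical, none is libxl API. */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct boot_file { char path[32]; void *map; size_t len; };

/* Stage a constructed "kernel" in a temp file and map it, as a toolstack
 * does with the output of a dom0 bootloader. Returns 0 on success. */
static int boot_file_map(struct boot_file *f)
{
    static const char fake_kernel[4096] = "constructed sample kernel";
    strcpy(f->path, "/tmp/boot_kernel.XXXXXX");
    int fd = mkstemp(f->path);
    if (fd < 0) return -1;
    f->len = sizeof fake_kernel;
    if (write(fd, fake_kernel, f->len) == (ssize_t)f->len)
        f->map = mmap(NULL, f->len, PROT_READ, MAP_PRIVATE, fd, 0);
    else
        f->map = MAP_FAILED;
    close(fd);
    return f->map == MAP_FAILED ? -1 : 0;
}

/* Drop the mapping and the temp file; safe to call after a partial setup. */
static void boot_file_release(struct boot_file *f)
{
    if (f->map && f->map != MAP_FAILED) munmap(f->map, f->len);
    f->map = NULL;
    if (f->path[0]) unlink(f->path);
}

/* Leak pattern: the failure return skips the release. In a long-lived
 * process each failed start keeps one mapping and one file. */
int create_domain_leaky(struct boot_file *f, int build_ok)
{
    if (boot_file_map(f)) return -1;
    if (!build_ok) return -1;      /* mapping and temp file survive */
    boot_file_release(f);
    return 0;
}

/* Corrected pattern: a single exit path releases on success and failure. */
int create_domain_fixed(struct boot_file *f, int build_ok)
{
    int rc = -1;
    if (boot_file_map(f) == 0 && build_ok) rc = 0;
    boot_file_release(f);
    return rc;
}
```
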
Comment 1 Adam Mariš 2015-11-24 08:44 EST
Created attachment 1098202
xen-unstable
Comment 2 Adam Mariš 2015-11-24 08:45 EST
Created attachment 1098203
Xen 4.3.x, 4.4.x
Comment 3 Adam Mariš 2015-11-24 08:45 EST
Created attachment 1098204
Xen 4.5.x, 4.6.x
Comment 4 Adam Mariš 2015-11-26 04:03:48 EST
Acknowledgments:

Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges George Dunlap of Citrix as the original reporter.
Comment 5 Martin Prpič 2015-12-08 07:30:07 EST
External References:

http://xenbits.xen.org/xsa/advisory-160.html
Comment 6 Martin Prpič 2015-12-08 07:42:39 EST
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1289568]
Comment 7 Fedora Update System 2015-12-17 02:26:46 EST
xen-4.5.2-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2015-12-19 19:22:58 EST
xen-4.5.2-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
