Certain internal state is set up, during domain construction, in
preparation for possible pass-through device assignment. On ARM and
AMD V-i hardware this setup includes memory allocation. On guest
teardown, cleanup was erroneously only performed when the guest
actually had a pass-through device assigned.
A malicious guest may, by frequently rebooting over extended periods
of time, run the system out of memory, resulting in a Denial of
The leak is no more than 4kbytes per guest boot.
Xen versions 3.3 and later are affected.
ARM systems, and x86 AMD systems, are affected. Intel systems, and
systems without IOMMU/SMMU hardware, are unaffected.
All guest kinds can exploit this vulnerability.
Limiting the frequency with which a guest is able to reboot, will
limit the memory leak.
Rebooting each host (after migrating its guests) periodically will
reclaim the leaked space.
Name: the Xen project
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1422492]