Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1652227 (CVE-2018-19964, XSA-277) - CVE-2018-19964 xsa277 xen: x86: incorrect error handling for guest p2m page removals (XSA-277)
Summary: CVE-2018-19964 xsa277 xen: x86: incorrect error handling for guest p2m page r...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2018-19964, XSA-277
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1652251
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-21 17:46 UTC by Pedro Sampaio
Modified: 2021-02-16 22:44 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:43:08 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2018-11-21 17:46:14 UTC
ISSUE DESCRIPTION
=================

The internal function querying a domain's p2m table grabs the p2m lock
by default, so that the answer to the query remains true until the
caller can act on that information; it is up to the caller then to
release the lock.  Unfortunately, certain failure paths don't release
the lock.

IMPACT
======

A malicious or buggy guest may cause a deadlock, resulting in a DoS
(Denial of Service) affecting the entire host.

VULNERABLE SYSTEMS
==================

Xen 4.11 and onward are vulnerable.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only systems running untrusted HVM or PVH guests are vulnerable.
Systems running only PV guests are not vulnerable.

MITIGATION
==========

Running only PV guests will avoid this vulnerability.

References:

https://xenbits.xen.org/xsa/advisory-277.html

Comment 1 Pedro Sampaio 2018-11-21 17:46:28 UTC
Acknowledgments:

Name: the Xen project
Upstream: Paul Durrant (Citrix)

Comment 2 Pedro Sampaio 2018-11-21 18:11:33 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1652251]


Note You need to log in before you can comment on or make changes to this bug.