ISSUE DESCRIPTION
=================

Allocation of pages used to communicate with external emulators did not follow certain principles that are required for proper life cycle management of guest exposed pages.

IMPACT
======

A compromised DM stubdomain may cause Xen to crash, resulting in a DoS (Denial of Service) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out.

VULNERABLE SYSTEMS
==================

Only Xen 4.11 is affected by this vulnerability. Xen 4.10 and older are not affected by this vulnerability.

Only systems running HVM guests with their devicemodels in a stubdomain are considered vulnerable. Note that attackers also need to exploit the devicemodel in order to have access to this vulnerability.

Arm guests cannot leverage this vulnerability.

MITIGATION
==========

Running only PV guests will avoid this vulnerability.

(The security of a Xen system using stub domains is still better than with a qemu-dm running as an unrestricted dom0 process. Therefore users with these configurations should not switch to an unrestricted dom0 qemu-dm.)

References:
https://xenbits.xen.org/xsa/advisory-276.html
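The following check is an added example, not part of the advisory or of Xen: it flags guest configurations that match the vulnerable setup described above (Xen 4.11, HVM guest, device model in a stubdomain). It assumes the guest is defined in xl.cfg syntax using the `type`/`builder` and `device_model_stubdomain_override` options and that the host version string is supplied by the caller; it does not detect whether the fix has been applied.

```python
import re

# Scalar assignments in xl.cfg syntax: key = "value", key = 'value' or key = 1.
# List values (disk = [ ... ]) and comment lines are not matched.
_ASSIGN = re.compile(r'''^\s*([A-Za-z_]\w*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s#\[]+))''')

def parse_xl_cfg(text):
    """Return the scalar settings found in xl guest configuration text."""
    settings = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if m:
            settings[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return settings

def is_hvm(settings):
    # type="hvm" is the current spelling, builder="hvm" the older one;
    # a guest with neither set is PV.
    return "hvm" in (settings.get("type", "").lower(), settings.get("builder", "").lower())

def uses_stubdomain(settings):
    value = settings.get("device_model_stubdomain_override", "0")
    return value.isdigit() and int(value) != 0

def matches_xsa276_setup(xen_version, cfg_text):
    """True for an HVM guest with a stubdomain device model on Xen 4.11."""
    m = re.match(r"(\d+)\.(\d+)", xen_version)
    if not m or (int(m.group(1)), int(m.group(2))) != (4, 11):
        return False
    settings = parse_xl_cfg(cfg_text)
    return is_hvm(settings) and uses_stubdomain(settings)

# Constructed sample guest configurations (not taken from the advisory).
HVM_STUBDOM = '''
name = "guest-a"
type = "hvm"
device_model_version = "qemu-xen-traditional"
device_model_stubdomain_override = 1
'''
PV_GUEST = 'name = "guest-b"\ntype = "pv"\n'
HVM_DOM0_QEMU = 'name = "guest-c"\nbuilder = "hvm"\n# device_model_stubdomain_override = 1\n'

if __name__ == "__main__":
    for label, cfg in (("guest-a", HVM_STUBDOM), ("guest-b", PV_GUEST), ("guest-c", HVM_DOM0_QEMU)):
        print(label, matches_xsa276_setup("4.11.0", cfg))
```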
Acknowledgments:
Name: the Xen project
Upstream: Julien Grall (ARM)
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1652251]