Allowing arbitrary extent_order input values for XENMEM_decrease_reservation,
XENMEM_populate_physmap, and XENMEM_exchange can cause arbitrarily long time
being spent in loops without allowing vital other code to get a chance to
execute. This may also cause inconsistent state resulting at the completion
of these hypercalls.
A malicious guest administrator can cause Xen to hang.
Versions of Xen that do not support supporting Populate-on-Demand may
only be theoretically affected.
Red Hat would like to thank the Xen project for reporting this issue.
Please note that we do not support Populate-on-Demand in Xen hypervisor as shipped with Red Hat Enterprise Linux 5.
This issue did affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.
Created xen tracking bugs for this issue
Affects: fedora-all [bug 883092]
xen-4.1.3-7.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.1.3-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0168 https://rhn.redhat.com/errata/RHSA-2013-0168.html