In Xen 4.10, new infrastructure was introduced as part of an overhaul to
how MSR emulation happens for guests. Unfortunately, one tracking
structure isn't freed when a vcpu is destroyed.
A memory allocation of 8 bytes is leaked each time a vcpu is destroyed.
A malicious guest may, by frequently rebooting over extended periods of
time, run the system out of memory, resulting in a Denial of Service
Xen versions 4.10 and later are affected. Xen 4.9 and earlier are not
Only x86 systems are affected. ARM systems are not.
All guest kinds can exploit this vulnerability.
Limiting the frequency with which a guest is able to reboot, will
limit the memory leak.
Rebooting each host (after migrating its guests) periodically will
reclaim the leaked space.
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1531110]
Name: the Xen project
Upstream: Andrew Cooper (Citrix)