ISSUE DESCRIPTION
=================

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed.

IMPACT
======

A memory allocation of 8 bytes is leaked each time a vcpu is destroyed.

A malicious guest may, by frequently rebooting over extended periods of time, run the system out of memory, resulting in a Denial of Service (DoS).

VULNERABLE SYSTEMS
==================

Xen versions 4.10 and later are affected. Xen 4.9 and earlier are not affected.

Only x86 systems are affected. ARM systems are not.

All guest kinds can exploit this vulnerability.

MITIGATION
==========

Limiting the frequency with which a guest is able to reboot will limit the memory leak.

Rebooting each host (after migrating its guests) periodically will reclaim the leaked space.
Public via: http://seclists.org/oss-sec/2018/q1/4
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1531110]
Acknowledgments:

Name: the Xen project
Upstream: Andrew Cooper (Citrix)