An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
| Link | Tags |
|---|---|
| https://xenbits.xenproject.org/xsa/advisory-358.html | patch vendor advisory |
| https://www.debian.org/security/2020/dsa-4812 | third party advisory vendor advisory |
| http://www.openwall.com/lists/oss-security/2020/12/16/4 | third party advisory mailing list |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/ | vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/ | vendor advisory |
| https://security.gentoo.org/glsa/202107-30 | third party advisory vendor advisory |