LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

xen: denial of service

Package(s):xen CVE #(s):CVE-2013-0151 CVE-2013-0152
Created:February 4, 2013 Updated:February 6, 2013
Description: From the Red Hat bugzilla:

CVE-2013-0151: nested virtualization on 32-bit exposes host crash

When performing nested virtualisation Xen would incorrectly map guest pages for extended periods using an interface which is only intended for transient mappings. In some configurations there are a limited number of slots available for these transient mappings and exhausting them leads to a host crash and therefore a Denial of Service attack.

A malicious guest administrator can, by enabling nested virtualisation from within the guest, trigger the issue.

CVE-2013-0152: nested HVM exposes host to being driven out of memory by guest

Guests are currently permitted to enable nested virtualization on themselves. Missing error handling cleanup in the handling code makes it possible for a guest, particularly a multi-vCPU one, to repeatedly invoke this operation, thus causing a leak of - over time - unbounded amounts of memory.

A malicious domain can mount a denial of service attack affecting the whole system.

Alerts:
Fedora FEDORA-2013-1434 2013-02-02
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds