The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and previous versions does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen 4.4.0 |
||
xen xen 4.5.1 |
||
xen xen 4.5.0 |
Dis-ARM-ing flaw can cook your console
Xen has revealed details of bug CVE-2015-6654, which it warned about a couple of weeks back. The good news is that this one is rather less nasty than the string of guest/host escapes it's reported lately thanks largely to leaks in QEMU. Another nice piece of news is that this time around the problem's also only on ARM-compatible silicon, so even fewer folk will need to reach for their patch-o-matics. The bad news is that it's still a flaw and one that can create a denial of service attack on a X...