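Vulnerability title
N/A
Vulnerability description
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason, Xen explicitly checks at certain points whether the current vCPU needs to be preempted. A few rarely taken code paths bypassed these checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, because they lack preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests, as well as single-vCPU x86 PV guests, cannot leverage the vulnerability.
CVSS information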
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.
CVSS information
N/A
Vulnerability category
N/A
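Vulnerability title
Xen security vulnerability
Vulnerability description
Xen is an open-source virtual machine monitor developed by the University of Cambridge in the UK. It allows different and incompatible operating systems to run on the same computer and supports migration at runtime, ensuring normal operation and avoiding downtime. A security vulnerability exists in Xen 4.10.x and earlier (32-bit systems). An attacker can exploit this vulnerability to cause a denial of service.
CVSS information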
N/A
Vulnerability category
Resource management error