漏洞标题
N/A
漏洞描述信息
通过Xen 4.13.x发现了一个问题,导致 guest OS 用户能够在 event-channel 端口分配错误的情况下导致 host OS 崩溃。事件通道端口的分配可能因多种原因失败:(1)端口已启用;(2)内存分配失败;或(3)我们试图分配的端口高于 ABI(如 guest 使用的 2L 或 FIFO)或管理员设置的最大事件通道数(xl cfg中的 max_event_channels)。由于缺少错误检查,只有(1)被认为是错误。在其他情况下,将为 valid port,并在尝试访问事件通道时导致崩溃。当管理员配置一个 guest 允许超过 1023 个事件通道时,那个 guest 可能能够导致主机崩溃。当 Xen 内存不足时,新事件通道的分配将导致主机崩溃,而不是报告错误。Xen 版本4.10 及其后续版本受到影响。所有架构都受到影响。当使用 xl/libxl 创建 guests 时,默认配置不会受到威胁,因为默认的事件通道限制。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Xen 代码问题漏洞
漏洞描述信息
Xen是英国剑桥大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen 4.13.x及之前版本中存在安全漏洞。攻击者可利用该漏洞导致主机操作系统崩溃。
CVSS信息
N/A
漏洞类别
代码问题