|Public release ||2013-01-22 11:49|
|Updated ||2013-01-23 18:28|
|Title ||Nested HVM exposes host to being driven out of memory by guest|
|Files ||advisory-35.txt (signed advisory file)|
Xen Security Advisory CVE-2013-0152 / XSA-35
Nested HVM exposes host to being driven out of memory by guest
UPDATES IN VERSION 4
Fix corrupt patch xsa35-4.2-with-xsa34.patch.
Guests are currently permitted to enable nested virtualization on
themselves. Missing error handling cleanup in the handling code makes
it possible for a guest, particularly a multi-vCPU one, to repeatedly
invoke this operation, thus causing a leak of - over time - unbounded
amounts of memory.
A malicious domain can mount a denial of service attack affecting the
Only Xen 4.2 and Xen unstable are vulnerable. Xen 4.1 and earlier are
The vulnerability is only exposed by HVM guests.
Running only PV guests will avoid this vulnerability.
Applying the appropriate attached patch resolves this issue.
To fix both XSA 34 and XSA 35, first apply xsa34-4.2.patch from XSA 34
and then *also* apply xsa35-4.2-with-xsa34.patch from this advisory.
To fix this issue without addressing XSA 34, use xsa35.patch.
$ sha256sum xsa35*.patch
Xenproject.org Security Team
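
The advisory gives the patch checksums after its `$ sha256sum xsa35*.patch` line. The shell functions below are an added example, not part of the advisory or of any Xen project tooling: they read that list from a saved copy of the advisory and compare it with a downloaded patch before it is applied. Assumptions: the list has the usual `<hash>  <filename>` layout directly after the prompt line, the advisory's signature has already been checked (for example with `gpg --verify advisory-35.txt`), and the function names `extract_sums` and `verify_patch` are hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded XSA patch against the sha256 list
# published inside the advisory text.

# extract_sums ADVISORY
# Print the "<hash>  <filename>" lines that directly follow the
# "$ sha256sum ..." prompt line. Only bare file names are accepted, so a
# listed name can never point outside the download directory.
extract_sums() {
    awk '
        /^\$ sha256sum / { in_list = 1; next }
        in_list && NF == 2 && length($1) == 64 &&
            $1 ~ /^[0-9a-f]+$/ && $2 ~ /^[A-Za-z0-9._-]+$/ {
            print $1 "  " $2; next
        }
        in_list { exit }   # first non-checksum line ends the list
    ' "$1"
}

# verify_patch ADVISORY PATCHFILE
# Returns 0 on match, 1 on hash mismatch, 2 if the advisory does not list
# the patch at all (wrong advisory, renamed file, or stripped list).
verify_patch() {
    advisory=$1
    patch=$2
    name=$(basename "$patch")
    want=$(extract_sums "$advisory" | awk -v f="$name" '$2 == f { print $1 }')
    if [ -z "$want" ]; then
        echo "$name: not listed in $advisory" >&2
        return 2
    fi
    have=$(sha256sum "$patch" | awk '{ print $1 }')
    if [ "$want" != "$have" ]; then
        echo "$name: sha256 mismatch, do not apply" >&2
        return 1
    fi
    echo "$name: OK"
}

# Usage (file names as given in the advisory):
#   verify_patch advisory-35.txt xsa35-4.2-with-xsa34.patch
#   verify_patch advisory-35.txt xsa35.patch
```

xsa34-4.2.patch is listed in the XSA 34 advisory, not this one, so it has to be checked against that advisory's own checksum list.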