VULNERABILITIES / FIXES - July 27, 2012
by Carol~ - 7/27/12 8:46 AM
Xen HVM Guest MMIO Emulation Denial of Service Vulnerability
Release Date : 2012-07-27
Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch
Software: Xen 4.x
A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
The vulnerability is caused due to certain data of MMIO operations not being handled properly after emulation cycles in HVM guests and can be exploited to crash subsequent emulations.
Successful exploitation requires that the guests are not PV (para-virtualised).
The vulnerability is reported in all supported versions.
Apply patch xsa10-4.x.patch.