XEN 4.3.0 Denial Of Service Gain privileges Vulnerability
27 Jul. 2016
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
A vulnerability was reported in Xen. A local user on the guest system can cause denial of service conditions on the host system. A local user on the guest system can gain elevated privileges on the host system. The libxl device-handling code does not properly validate guest user-supplied data from the frontend directory in xenstore. A local administrative user on a guest system can supply specially crafted data to cause a virtual device to fail to function or fail to be properly torn down, consuming excessive resources each time the guest is rebooted or cause incorrect data to be displayed in management tools (e.g., xl). On guest systems systems configured with channel devices, a local administrative guest user may be able to obtain elevated privileges on the host system.
Xen systems using libxl-based toolstacks (e.g., xl, libvirt with the libxl driver) are affected.