Denial of Service (DoS) vulnerability when Xen VM exits

Release date:
Updated on:

Affected Systems:
OpenVZ Project OpenVZ 028stab091. 1
OpenVZ Project OpenVZ 028stab089. 1
OpenVZ Project OpenVZ 028stab085. 2
OpenVZ Project OpenVZ 028stab081. 1
OpenVZ Project OpenVZ 023stab054. 1
OpenVZ Project OpenVZ 023stab053. 2
Unaffected system:
OpenVZ Project OpenVZ 028stab092. 2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48610
Cve id: CVE-2011-1780, CVE-2011-1936

Xen is an open-source Virtual Machine monitor developed by the University of Cambridge.

Xen has a denial of service vulnerability. A local attacker can exploit this vulnerability to cause the client and host operating system to crash and the denial of service is valid.

There is a Bug in how Xen handles the simulated commands when exiting the VM. A malicious user space process running on the SMP client can trigger the instruction that the simulator reads and does not cause the VM to exit. A valid instruction that causes the VM to exit can be run in a process, and replace this command with other commands from another thread. Unauthorized client users can exploit this vulnerability to crash the host.

<* Source: vendor

Link: https://bugzilla.redhat.com/show_bug.cgi? CVE-2011-1780
Http://permalink.gmane.org/gmane.comp.security.oss.general/5435
Https://bugzilla.redhat.com/show_bug.cgi? CVE-2011-1936
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

OpenVZ Project
--------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://wiki.openvz.org/Main_Page