FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- Certain domctl operations may be abused to lock up the host

Affected packages
4.3 <= xen-kernel < 4.5.0_3

Details

VuXML ID: 103a47d5-27e7-11e5-a4a5-002590263bf5
Discovery: 2015-03-31
Entry: 2015-07-11

The Xen Project reports:

XSA-77 put the majority of the domctl operations on a list excepting them from having security advisories issued for them if any effects their use might have could hamper security. Subsequently some of them got declared disaggregation safe, but for a small subset this was not really correct: Their (mis-)use may result in host lockups.

As a result, the potential security benefits of toolstack disaggregation are not always fully realised.

Domains deliberately given partial management control may be able to deny service to the entire host.

As a result, in a system designed to enhance security by radically disaggregating the management, the security may be reduced. But, the security will be no worse than a non-disaggregated design.

References

CVE Name: CVE-2015-2751
URL: http://xenbits.xen.org/xsa/advisory-127.html