FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- leak of per-domain profiling-related vcpu pointer array

Affected packages
4.0 <= xen-kernel < 4.5.1_1

Details

VuXML ID e3792855-881f-11e5-ab94-002590263bf5
Discovery 2015-10-29
Entry 2015-11-11

The Xen Project reports:

A domain's xenoprofile state contains an array of per-vcpu information... This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory.

The following parties can mount a denial of service attack affecting the whole system:

The ability to also restart or create suitable domains is also required to fully exploit the issue. Without this the leak is limited to a small multiple of the maximum number of vcpus for the domain.

References

CVE Name CVE-2015-7969
URL http://xenbits.xen.org/xsa/advisory-151.html