FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- virtio: unbounded memory allocation issue

Affected packages
xen-tools < 4.7.0_4


VuXML ID 06574c62-5854-11e6-b334-002590263bf5
Discovery 2016-07-27
Entry 2016-08-02

The Xen Project reports:

A guest can submit virtio requests without bothering to wait for completion and is therefore not bound by virtqueue size...

A malicious guest administrator can cause unbounded memory allocation in QEMU, which can cause an Out-of-Memory condition in the domain running qemu. Thus, a malicious guest administrator can cause a denial of service affecting the whole host.


CVE Name CVE-2016-5403
FreeBSD PR ports/211482