FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- virtio: unbounded memory allocation issue

Affected packages
xen-tools < 4.7.0_4

Details

VuXML ID: 06574c62-5854-11e6-b334-002590263bf5
Discovery: 2016-07-27
Entry: 2016-08-02

The Xen Project reports:

A guest can submit virtio requests without bothering to wait for completion and is therefore not bound by virtqueue size...

A malicious guest administrator can cause unbounded memory allocation in QEMU, which can cause an Out-of-Memory condition in the domain running qemu. Thus, a malicious guest administrator can cause a denial of service affecting the whole host.

References

CVE Name: CVE-2016-5403
FreeBSD PR: ports/211482
URL: http://xenbits.xen.org/xsa/advisory-184.html