PT-2019-4885 · Xen+1

Julian Grall · Published 2019-10-31 · Updated 2023-03-29 · CVE-2019-18423

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Xen versions prior to 4.13

Description

An issue in Xen allows ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. The functions p2m_resolve_translation_fault() and p2m_get_entry() use p2m->max_mapped_gfn to sanity check guest physical frames, but the function p2m_get_root_pointer() ignores unused top bits of a guest physical frame, leading to aliasing. This can cause p2m->max_mapped_gfn to be updated incorrectly, potentially leading to a hypervisor crash. A malicious guest administrator may exploit this issue to cause a Denial of Service (DoS). Only Arm systems are vulnerable, while x86 systems are not affected.
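
The aliasing described above, as a simplified C model added here for illustration; it is not Xen source code, and the struct, function names and bit widths are assumptions. A lookup that masks the frame number maps an out-of-range frame onto an existing root slot while the bookkeeping records the unmasked value; a lookup that rejects set top bits keeps the two consistent.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not Xen source. All names and sizes are assumptions. */
#define GFN_BITS    8u                  /* gfn bits the root tables cover */
#define SLOT_SHIFT  4u                  /* low bits resolved below the root */
#define ROOT_SLOTS  (1u << (GFN_BITS - SLOT_SHIFT))
#define NO_SLOT     (-1)

struct p2m_model {
    uint64_t max_mapped_gfn;            /* highest gfn believed to be mapped */
    bool     slot_used[ROOT_SLOTS];
};

/* Weak lookup: masks the gfn, so unused top bits are silently dropped. */
static int root_slot_masking(uint64_t gfn)
{
    return (int)((gfn >> SLOT_SHIFT) & (ROOT_SLOTS - 1));
}

/* Strict lookup: any bit set above GFN_BITS makes the gfn invalid. */
static int root_slot_strict(uint64_t gfn)
{
    if (gfn >> GFN_BITS)
        return NO_SLOT;
    return (int)(gfn >> SLOT_SHIFT);
}

/* Map a gfn with the given lookup; returns false if the gfn is rejected. */
static bool map_gfn(struct p2m_model *p, uint64_t gfn, int (*lookup)(uint64_t))
{
    int slot = lookup(gfn);
    if (slot == NO_SLOT)
        return false;
    p->slot_used[slot] = true;
    if (gfn > p->max_mapped_gfn)
        p->max_mapped_gfn = gfn;        /* bookkeeping uses the unmasked gfn */
    return true;
}

int main(void)
{
    struct p2m_model weak = {0}, strict = {0};
    uint64_t gfn = (1ull << 40) | 0x25; /* constructed: stray top bit set */
    printf("weak:   mapped=%d max=%#llx\n", map_gfn(&weak, gfn, root_slot_masking),
           (unsigned long long)weak.max_mapped_gfn);
    printf("strict: mapped=%d max=%#llx\n", map_gfn(&strict, gfn, root_slot_strict),
           (unsigned long long)strict.max_mapped_gfn);
    return 0;
}
```

In the weak case the model ends with max_mapped_gfn far above any frame the root tables can back, which is the inconsistent state that range checks against that field then trust.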

Recommendations

For Xen versions prior to 4.13, update to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the XENMEM_add_to_physmap hypercall to minimize the risk of exploitation. Additionally, restrict access to the p2m_get_root_pointer() function until a patch is available.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2020-01473
CVE-2019-18423
DSA-4602-1
MGASA-2020-0113
SUSE-SU-2019:2961-1
SUSE-SU-2019:3297-1
SUSE-SU-2019:3309-1
SUSE-SU-2019:3310-1

Affected Products

Suse
Xen