CVE-2018-12891

Name of the Vulnerable Software and Affected Versions Xen versions 3.3 and earlier Xen versions 3.4 through 4.10.x

Description An issue in Xen allows a malicious or buggy PV guest to cause a Denial of Service (DoS) affecting the entire host, specifically by preventing use of a physical CPU for an indeterminate period of time. This occurs because certain PV MMU operations may take a long time to process, and a malicious guest can cause rarely taken code paths to bypass checks for the need to preempt the current vCPU. The vulnerability can be leveraged by multi-vCPU x86 PV guests, but x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability. Only x86 systems are affected, while ARM systems are not.

Recommendations For Xen versions 3.3 and earlier, consider disabling multi-vCPU support for PV guests to minimize the risk of exploitation. For Xen versions 3.4 through 4.10.x, consider restricting the use of physical CPUs by PV guests to prevent a Denial of Service (DoS) affecting the entire host. At the moment, there is no information about a newer version that contains a fix for this vulnerability.