Xenstored Denial-of-Service Vulnerability in Unprivileged Domains

Vulnerability

A denial-of-service vulnerability has been identified in xenstored, affecting all Xen systems from version 4.18 onwards. When an unprivileged guest domain issues a Xenstore command that accesses the illegal node path '/local/domain/', a clobbered error indicator causes an assert() statement in xenstored to fail, and xenstored crashes. If xenstored is built with NDEBUG defined, the unprivileged guest can instead keep xenstored fully busy on the CPU, which disrupts Xenstore actions without affecting other guests, although the high CPU usage can hinder domain administration on the host.

Impact

Exploitation of this vulnerability causes xenstored to crash, leading to a denial-of-service condition for Xenstore actions. This disruption prevents further domain administration on the host. If xenstored is built with NDEBUG defined, the vulnerability causes xenstored to become 100% busy, but without harming functionality for other guests.
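
A host-side check for the two outcomes described above (xenstored gone, or xenstored 100% busy), as an added example that is not part of the advisory or of Xen. The function names, the tick rate, the busy threshold and the truncated /proc sample lines are constructed assumptions.

```python
# Added example: classify xenstored health from two /proc/<pid>/stat samples
# taken some seconds apart in dom0. All constants below are assumptions.

CLK_TCK = 100          # assumed tick rate; use os.sysconf("SC_CLK_TCK") on a live host
BUSY_FRACTION = 0.95   # assumed threshold for "fully busy" over the interval

# Constructed sample lines, truncated after field 15 (stime).
IDLE_T0 = "812 (xenstored) S 1 812 812 0 -1 4194560 350 0 2 0 120 80"
IDLE_T1 = "812 (xenstored) S 1 812 812 0 -1 4194560 350 0 2 0 121 81"
BUSY_T1 = "812 (xenstored) R 1 812 812 0 -1 4194560 350 0 2 0 900 290"


def cpu_ticks(stat_line):
    """Return utime + stime in clock ticks from one /proc/<pid>/stat line."""
    # The comm field is wrapped in parentheses and may itself contain spaces
    # or ')', so split on the last ')' before tokenising the rest.
    rest = stat_line.rsplit(")", 1)[1].split()
    # rest[0] is field 3 (state); utime and stime are fields 14 and 15.
    return int(rest[11]) + int(rest[12])


def classify(before, after, interval_s):
    """before/after: stat lines sampled interval_s seconds apart,
    or None when no xenstored process was found at that sample."""
    if after is None:
        return "down"        # matches the assert() crash case
    if before is None:
        return "restarted"   # process appeared between the two samples
    delta = cpu_ticks(after) - cpu_ticks(before)
    if delta < 0:
        return "restarted"   # counters went backwards: a different process
    used_s = delta / CLK_TCK
    # Matches the NDEBUG case: the daemon stays up but is fully busy.
    return "busy" if used_s / interval_s >= BUSY_FRACTION else "ok"


if __name__ == "__main__":
    for label, t1 in (("idle", IDLE_T1), ("busy", BUSY_T1), ("gone", None)):
        print(label, "->", classify(IDLE_T0, t1, 10))
```
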

Remediation

Applying the patch available in the advisory resolves this issue. For systems using the C variant of xenstored, the patch can be applied to Xen 4.18.x. Note that patches for released versions are generally prepared for the stable branches and may not apply cleanly to the most recent release tarball.

Added: Mar 23, 2026, 7:18 AM
Updated: Mar 23, 2026, 7:18 AM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 2.9
remediation: 7.7
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.