Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xen 安全漏洞
Vulnerability Description
Xen是英国剑桥(Cambridge)大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen 存在安全漏洞,该漏洞源于在Arm上映射guest的页面时Arm guest可以通过PV设备导致Dom0 DoS,Dom0使用rbtree来跟踪外部映射。该rbtree的更新并不总是在持有相关锁的情况下完成,从而导致了一个小的竞争窗口,没有特权的guests可以通过PV设备使用该窗口导致rbtree的不一致。这些不一致可能
CVSS Information
N/A
Vulnerability Type
N/A