Xen Security Advisory: XSA-174 Public release: 2016-04-14 12:00 CVE: CVE-2016-3961 Title: hugetlbfs use may crash PV Linux guests Issue Description: Huge (2MB) pages normally unavailable to PV guests on x86 Linux due to multi-purpose kernel builds with hugetlbfs support. Application use of this feature in a PV guest can lead to an infinite page fault loop and an OOPS during hung application termination. Impact: OOPS can result in a kernel crash (Guest DoS) based on guest kernel configuration. Vulnerable Systems: All upstream x86 Linux versions as PV Xen guests. ARM systems and x86 HVM guests are not vulnerable. Not vulnerable: x86 Linux from linux-2.6.18-xen.hg (XenoLinux), Oracle Unbreakable Enterprise Kernels, non-Linux guests. Mitigation: Running HVM guests avoids the issue. Avoid enabling hugetlbfs or altering /proc/sys/vm/nr_hugepages. Disabling "panic on OOPS" behavior may limit impact to application crashes, though effectiveness is uncertain. Resolution: Patch (xsa174.patch) applies to Linux 4.5.x and 3.10.x. Deployment During Embargo: Deployment restricted to Xen Project Security Issues Predisclosure List members. Public cloud deployment prohibited to prevent vulnerability rediscovery. Contact Xen Project Security Team for significant mitigation changes. Credits: Discovered by Vitaly Kuznetsov from Red Hat.