New Xen bug uses security feature to destroy security
Dis-ARM-ing flaw can cook your console
The good news is that this one is rather less nasty than the string of guest/host escapes Xen has reported lately, thanks largely to leaks in QEMU. Another nice piece of news is that this time around the problem is also confined to ARM-compatible silicon, so even fewer folk will need to reach for their patch-o-matics.
The bad news is that it's still a flaw, and one that can enable a denial-of-service attack on a Xen system.
“A malicious infrastructure domain, which is allowed to map memory of a foreign guest, would be able to flood the Xen console,” says the advice from the Xen Project about the bug.
“As a result, in a system designed to enhance security by radically disaggregating the management, the security may be reduced. But, the security will be no worse than a non-disaggregated design.”
Another little ray of sunshine comes from the fact that one mitigation is simply to reduce the hypervisor log level so that it sends fewer messages. With less logging, the chances of a DoS fall.
Here comes a little grey cloud: “Switching from disaggregated to a non-disaggregated operation does NOT mitigate these vulnerabilities. Rather, it simply recategorises the vulnerability to hostile management code, regarding it 'as designed'; thus it merely reclassifies these issues as 'not a bug'.”
“Users and vendors of disaggregated systems should not change their configuration.”
Patching is therefore recommended. Go look for xsa141.patch. And enjoy your upgrade. ®