SDLab

SDLab
SDLab.org::Adminな脳み

2014年8月13日水曜日

Long latency virtual-mmu operations are not preemptible

[Xen-users] Xen Security Advisory 97 (CVE-2014-5146, CVE-2014-5149) - Long latency virtual-mmu operations are not preemptible
http://lists.xen.org/archives/html/xen-users/2014-08/msg00043.html

ISSUE DESCRIPTION
=================
Some MMU virtualization operations on HVM guests must process every
page assigned to a guest.  For larger guests, this can tie up a vcpu
for a significant amount of time, as the operations are not
preemptible.
For guests using Hardware Assisted Paging (HAP, see below) this is
CVE-2014-5146.  For guests not using HAP this is CVE-2014-5149.
IMPACT
======
A malicious HVM guest with a large allocation of shadow/p2m RAM
can mount a denial of service attack affecting the whole system.

x86上のHVMが影響。あまりないケースだろうけど。

0 件のコメント:

コメントを投稿