-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2022-42330 / XSA-425

           Guests can cause Xenstore crash via soft reset

ISSUE DESCRIPTION
=================

When a guest issues a "Soft Reset" (e.g. for performing a kexec) the
libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore
operation. Due to a bug in xenstored this can result in a crash of
xenstored.

Any other use of XS_RELEASE will have the same impact.

IMPACT
======

A malicious guest could try to kexec until it hits the xenstored bug,
resulting in the inability to perform any further domain administration
like starting new guests, or adding/removing resources to or from any
existing guest.

VULNERABLE SYSTEMS
==================

Only Xen version 4.17 is vulnerable. Systems running an older version of
Xen are not vulnerable.

All Xen systems using C xenstored are vulnerable. Systems using the OCaml
variant of xenstored are not vulnerable.

Systems running only PV guests (x86 only) are not vulnerable, as long as
they are using a libxl based toolstack.

MITIGATION
==========

The problem can be avoided by either:

- - using the OCaml xenstored variant

- - explicitly configuring guests to NOT perform the "Soft Reset" action
  by adding:

    on_soft_reset="reboot"

  or similar to the guest's configuration. This will break kexec in the
  guest, though.

NOTE REGARDING LACK OF EMBARGO
==============================

This issue was discussed in public already.

RESOLUTION
==========

Applying the attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball. Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa425.patch           xen-unstable, Xen 4.17.x

$ sha256sum xsa425*
49f322c955fe7857cc824bba80625e56f582fdf0a4b244f513b6750e15ba5e48  xsa425.patch
$
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmPRQroMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZEpsIAJmIVB2lvqT2Qdp0pPSoaJIxXxuGE320kVTWmudB
F2WbRCxeubqoOC/MyHTLOujMix6wBHnbm1cMQo0r4Vah/KX34vPS3wYqDZQYZtES
aEkOQ+214QLAS2futcT0gde9idKpShI9jjWSRwcH01a7V6tlwwidc4V0luUFV0iX
EKHPJ89rbbCMP1fOq5B+C7UP8oyiHItNWPWPFBwtUeXKvFiPOoyUPCoTHG8CCYHG
WiVbeaZab7x/9+WUwXJ6hZqZiVr6NqoaItOx9Nbw4yCHwJlAj2UfA9skmqtGbPbB
vxhkbIgOeiWoPvZgTGQjzZLosWO5+y30Fv5QYIbjA2/1OSQ=
=7kiM
-----END PGP SIGNATURE-----
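The MITIGATION section above tells an administrator to set on_soft_reset in each guest's configuration to something other than the default "soft-reset". The script below, an added example that is not part of the advisory or of the Xen project's tooling, scans a directory of xl guest config files and reports which ones still rely on the default. The config directory, file names and file contents are constructed for the demonstration; the assumption that the xl default for on_soft_reset is "soft-reset" is from xl.cfg, not from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): report xl guest configs that
# have not been given an explicit, non-default on_soft_reset action.

# Return 0 if CONFIG sets on_soft_reset to a value other than the xl
# default "soft-reset"; return 1 if the key is missing or left at the
# default, meaning the toolstack will still take the soft-reset path.
xsa425_mitigated() {
    config="$1"
    # Drop comments, pick the last on_soft_reset assignment, strip quotes.
    value=$(sed -e 's/#.*//' "$config" \
        | sed -n 's/^[[:space:]]*on_soft_reset[[:space:]]*=[[:space:]]*["'"'"']\{0,1\}\([a-z-]*\).*/\1/p' \
        | tail -n 1)
    [ -n "$value" ] && [ "$value" != "soft-reset" ]
}

# Print one status line per *.cfg file in DIR.
xsa425_scan_dir() {
    dir="$1"
    for f in "$dir"/*.cfg; do
        [ -e "$f" ] || continue
        if xsa425_mitigated "$f"; then
            echo "OK       $f"
        else
            echo "EXPOSED  $f"
        fi
    done
}

# Constructed sample configs (not real guests) to exercise the check.
XSA425_DEMO=$(mktemp -d)
cat > "$XSA425_DEMO/guest-a.cfg" <<'EOF'
name = "guest-a"
memory = 1024
# no on_soft_reset key: xl default is soft-reset
EOF
cat > "$XSA425_DEMO/guest-b.cfg" <<'EOF'
name = "guest-b"
on_soft_reset = "reboot"   # the setting suggested in the advisory
EOF
cat > "$XSA425_DEMO/guest-c.cfg" <<'EOF'
name = "guest-c"
on_soft_reset = 'soft-reset'
EOF

xsa425_scan_dir "$XSA425_DEMO"
```

Point xsa425_scan_dir at the real config directory (commonly /etc/xen) to audit a host; a guest listed as EXPOSED is only a problem on Xen 4.17 with C xenstored, which the VULNERABLE SYSTEMS section scopes.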