Early Access — Mondoo Vulnerability Intelligence is currently in preview.
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.
4.5.1-0ubuntu14.5.1-0ubuntu24.6.0-1ubuntu14.6.0-1ubuntu24.6.0-1ubuntu44.6.0-1ubuntu4.14.6.0-1ubuntu4.24.6.0-1ubuntu4.34.6.5-0ubuntu14.6.5-0ubuntu1.1+2 more4.9.0-0ubuntu34.9.0-0ubuntu44.9.2-0ubuntu14.11.3+24-g14b62ab3e5-1ubuntu14.11.3+24-g14b62ab3e5-1ubuntu24.11.3+24-g14b62ab3e5-1ubuntu2.24.9.2-0ubuntu24.9.2-0ubuntu64.9.2-0ubuntu74.11.3+24-g14b62ab3e5-1ubuntu2.34.11.4+24-gddaaccbbab-1ubuntu24.5.1-0ubuntu14.5.1-0ubuntu24.6.0-1ubuntu14.6.0-1ubuntu24.6.0-1ubuntu44.6.0-1ubuntu4.14.6.0-1ubuntu4.24.6.0-1ubuntu4.34.6.5-0ubuntu14.6.5-0ubuntu1.1+2 more4.9.0-0ubuntu34.9.0-0ubuntu44.9.2-0ubuntu1Exploitability
AV:LAC:LPR:LUI:NScope
S:CImpact
C:NI:NA:HCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H