Denial of Service Vulnerability in Xen Hypervisor
CVE-2008-4405
Currently unrated
Summary
In Xen hypervisor version 3.0.3, the xend component fails to adequately restrict the contents of the /local/domain xenstore directory tree. This missing restriction allows a guest virtual machine (VM) to write to sensitive nodes such as console/tty, console/limit, and image/device-model-pid. As a result, malicious users within the guest OS may exploit this flaw to cause a denial of service, potentially affecting the availability of the host or other VMs. The issue is notable for its implications for VM security and resource management within virtualized environments.
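One way to audit a host for the condition described above, as an added example that is not part of the original advisory or of the Xen code base. It assumes a full-path xenstore listing with permissions in the shape `xenstore-ls -f -p` prints; the function names are hypothetical and the sample listing is constructed.

```python
import re

# Node suffixes the advisory names as writable by the guest.
SENSITIVE = ("console/tty", "console/limit", "image/device-model-pid")

# Assumed line shape (full-path listing with permissions):
#   /local/domain/<domid>/<node> = "<value>"   (<perm>,<perm>,...)
LINE = re.compile(r'^/local/domain/(\d+)/(\S+) = ".*"\s+\(([^)]*)\)\s*$')
PERM = re.compile(r'^([nrwb])(\d+)$')

def guest_can_write(domid, perms):
    """Apply xenstore ACL rules: the first entry names the owner and the
    default access for unlisted domains; later entries are per-domain."""
    parsed = [PERM.match(p.strip()) for p in perms.split(",")]
    if any(m is None for m in parsed):
        raise ValueError("unparseable permission list: %r" % perms)
    entries = [(m.group(1), int(m.group(2))) for m in parsed]
    default, owner = entries[0]
    if owner == domid:              # the owner always has full access
        return True
    for access, dom in entries[1:]:
        if dom == domid:            # explicit entry overrides the default
            return access in "wb"
    return default in "wb"

def audit(listing):
    """Return (domid, node) pairs where the guest can write a sensitive node."""
    findings = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        domid, node, perms = int(m.group(1)), m.group(2), m.group(3)
        if domid != 0 and node in SENSITIVE and guest_can_write(domid, perms):
            findings.append((domid, node))
    return findings

# Constructed sample: domain 5 shows the weak layout, domain 7 a restricted one.
SAMPLE = """\
/local/domain/5/console/tty = "/dev/pts/3"   (n5)
/local/domain/5/console/limit = "1048576"   (n0,b5)
/local/domain/5/image/device-model-pid = "4211"   (n5)
/local/domain/5/memory/target = "524288"   (n5)
/local/domain/7/console/tty = "/dev/pts/4"   (n0,r7)
/local/domain/7/console/limit = "1048576"   (n0,r7)
/local/domain/7/image/device-model-pid = "4302"   (n0,r7)
"""
```

Calling `audit()` on a listing captured in dom0 returns every sensitive node a guest owns or has been granted write access to; an empty list means none of the three nodes is guest-writable.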
References
Timeline
Vulnerability published
Vulnerability Reserved