Denial of Service Vulnerability in Xen Hypervisor
CVE-2008-4405

Currently unrated

Key Information:

Vendor: Citrix
Status: Vendor
CVE Published: 3 October 2008

Summary

In Xen hypervisor version 3.0.3, the xend component fails to adequately restrict the contents of the /local/domain xenstore directory tree. Because of this missing restriction, a guest virtual machine (VM) can write to sensitive entries such as console/tty, console/limit, and image/device-model-pid. Malicious users within the guest OS may exploit this flaw to cause a denial of service, potentially affecting the availability of the host or other VMs. The issue is notable for its implications for VM security and resource management in virtualized environments.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
