XSA-130

CVE-2015-4105


Problem description

http://xenbits.xen.org/xsa/advisory-130.html

Guest triggerable qemu MSI-X pass-through error messages

Device model code dealing with guest PCI MSI-X interrupt management activities logs messages on certain (supposedly) invalid guest operations.

logic error


Patch description

http://xenbits.xen.org/xsa/xsa130-qemut.patch

xen/MSI-X: disable logging by default

… to avoid allowing the guest to cause the control domain’s disk to fill.

--- a/hw/pass-through.h
+++ b/hw/pass-through.h
@@ -27,7 +27,7 @@
 #include "qemu-timer.h"
 
 /* Log acesss */
-#define PT_LOGGING_ENABLED
+/* #define PT_LOGGING_ENABLED */
 
 /* Print errors even if logging is disabled */
 #define PT_ERR(_f, _a...)   fprintf(logfile, "%s: " _f, __func__, ##_a)
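
Review bot: The PT_ERR definition kept as context at the end of this hunk still writes to logfile unconditionally (its comment reads "Print errors even if logging is disabled"), so commenting out PT_LOGGING_ENABLED only silences the messages that go through the logging-gated macros. Any guest-reachable MSI-X path that reports through PT_ERR would keep growing the control domain's log, so those call sites should be checked and either moved to the gated macro or rate-limited. It would also help to say in the comment above the commented-out define why logging is off by default, so that someone re-enabling it for debugging knows the guest can drive the output volume.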

Consequence

A buggy or malicious guest repeatedly invoking such operations may cause the host disk to fill up, possibly leading to a Denial of Service.

DoS