2.7 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
25.1%
The qdisk PV disk backend in the qemu-xen flavour of qemu (“upstream qemu”) can be influenced by a malicious frontend to leak mapped grant references.
A malicious HVM guest can cause the backend domain to run out of grant references, leading to a DoS for any other domain which shares that driver domain.
Any system which is using the qemu-xen qdisk backend for HVM guests is vulnerable.
qemu-xen and qdisk are exposed by systems using libxl from Xen 4.2.0 onwards. In Xen 4.2.0 qemu-xen was a non-default option, from Xen 4.3.0 onwards qemu-xen is the default.
Xen 4.1.0 exposes qdisk via libxl but does not support qemu-xen and therefore is not vulnerable.
The xend toolstack has never supported qdisk as a disk backend and therefore such systems are not vulnerable.
Upstream qemu is vulnerable from version 1.1 onwards.