CVE-2024-31144

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 14/02/2025
Last modified: 26/04/2025

Description

For a brief summary of Xapi terminology, see:

https://xapi-project.github.io/xen-api/overview.html#object-model-overview

Xapi contains functionality to back up and restore metadata about Virtual Machines and Storage Repositories (SRs).

The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes: a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host).

Metadata is only restored as an explicit administrator action, but this occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata.

The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from.

In the general case, the content of VDIs is controlled by the VM owner, and should not be trusted by the host administrator.

A malicious guest can manipulate its disk to appear to be a metadata backup.

A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc.
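The lookup described above, modelled as an added example (not Xapi code and not taken from the advisory): `first_match` reproduces the first-match-in-UUID-order selection, while `pinned_match` is a hypothetical stricter variant that assumes the administrator recorded the backup VDI's UUID when the backup was made. The `VDI` class, the function names and all UUIDs are constructed for illustration.

```python
# Added illustration: a constructed model of the lookup, not Xapi code.
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class VDI:
    uuid: str
    has_metadata_file: bool  # stands in for "mount it and look for the file"


def candidates(vdis: Iterable[VDI]) -> List[VDI]:
    """Every VDI that looks like a metadata backup, in UUID order."""
    return [v for v in sorted(vdis, key=lambda v: v.uuid) if v.has_metadata_file]


def first_match(vdis: Iterable[VDI]) -> Optional[VDI]:
    """Selection as the description states it: the first match wins."""
    found = candidates(vdis)
    return found[0] if found else None


def pinned_match(vdis: Iterable[VDI], expected_uuid: str) -> VDI:
    """Hypothetical stricter selection: restore only from the VDI whose UUID
    the administrator recorded when the backup was made (an assumption)."""
    found = candidates(vdis)
    for v in found:
        if v.uuid == expected_uuid:
            return v
    raise LookupError(f"{expected_uuid} is not among {len(found)} matching VDI(s)")


# Constructed sample SR: UUIDs and flags are made up for this example.
BACKUP_UUID = "9c1f4e2a-6b7d-4c3e-8f10-2a5b6c7d8e9f"
SAMPLE_SR = [
    VDI(BACKUP_UUID, True),                             # legitimate backup
    VDI("3e8a7b1c-0d2f-4a6b-9c5d-1e2f3a4b5c6d", True),  # guest disk that also matches
    VDI("c4d5e6f7-1a2b-4c3d-8e9f-0a1b2c3d4e5f", False), # ordinary guest disk
]

if __name__ == "__main__":
    print("first match :", first_match(SAMPLE_SR).uuid)
    print("all matches :", [v.uuid for v in candidates(SAMPLE_SR)])
    print("pinned match:", pinned_match(SAMPLE_SR, BACKUP_UUID).uuid)
```

Listing every candidate before restoring also makes an unexpected second match visible to the administrator.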