A vm-admin can inject arbitrary Xen hypervisor boot parameters into the PVinPVH xen-shim kernel command line by setting VM.platform:pvinpvh-xen-cmdline to an attacker-controlled string. xenopsd reads the value at xenops_server_xen.ml:2416-2419 without any validation and passes it straight through to xenguesthelper as the -cmdline argument. The attacker can disable speculative-execution mitigations (spec-ctrl=no), Meltdown protection (xpti=false), the L1TF mitigation (pv-l1tf=false) and DMA protection (iommu=no). No map_keys_roles entry on VM.platform restricts the key.
VM.platform is a Map(String, String) field writable by vm-admin - the lowest delegated management role. The pvinpvh-xen-cmdline key controls the kernel command line for the Xen shim used in PV-in-PVH domain builds.
vm-admin calls VM.add_to_platform(vm, "pvinpvh-xen-cmdline", "spec-ctrl=no xpti=false pv-l1tf=false iommu=no")
-> xenops_server_xen.ml:2416-2419 reads platform["pvinpvh-xen-cmdline"]
-> Value concatenated with shim_mem parameter
-> Passed to Domain.BuildPVH { cmdline = pvinpvh_xen_cmdline }
-> domain.ml:1328-1329 passes as -cmdline argument to xenguesthelper
-> xenguesthelper boots xen-shim with attacker-controlled command line
-> Mitigations disabled for the PVinPVH domain
```ocaml
(* xenops_server_xen.ml:2416-2419 *)
let pvinpvh_xen_cmdline =
  let base =
    try List.assoc "pvinpvh-xen-cmdline" vm.Vm.platformdata
    with Not_found -> !Xenopsd.pvinpvh_xen_cmdline
  in
  ...
  String.concat " " [base; shim_mem]
```
No validation is performed. The attacker-supplied value replaces the configured default (!Xenopsd.pvinpvh_xen_cmdline) wholesale; xenopsd only appends the shim_mem parameter, so everything else on the shim's command line is attacker-controlled.
| Option | Effect | Security Impact |
|---|---|---|
| spec-ctrl=no | Disables all speculative-execution mitigations | Exposes the domain to Spectre/Meltdown variants |
| xpti=false | Disables Xen Page Table Isolation | Removes Meltdown protection for 64-bit PV |
| pv-l1tf=false | Disables the L1 Terminal Fault mitigation | Guest can exploit the L1 cache to leak memory |
| iommu=no | Disables the IOMMU in the shim | Removes DMA protection |
| vpmu=bts | Enables Branch Trace Store | Known to cause system hangs |
| smt=off | Hides hyperthreading siblings | Breaks guest topology assumptions |
Missing RBAC protection. VM.platform has no map_keys_roles entries, so the pvinpvh-xen-cmdline key is writable by vm-admin like every other platform key.
No consumer-side validation. xenopsd reads the value with List.assoc and passes it directly to the domain builder: no sanitisation, no option allowlist, no format check.
Write-time vs. start-time validation gap. VM.platform is checked by sanity_check in vm_platform.ml at VM start, but that check does not cover pvinpvh-xen-cmdline, and nothing checks the key when it is written.
PV-in-PVH is a backwards-compatibility mechanism for legacy PV guests that cannot run on modern Xen directly. The xen-shim is a Xen build that runs as the kernel of the PVH container, so these options govern the shim's own mitigations inside that domain; the host hypervisor's command line is not touched. Most production workloads use HVM or PVH guests, which are unaffected by this specific key. However:
| Scenario | Impact | Pre-conditions | Status |
|---|---|---|---|
| Spectre/Meltdown mitigation bypass | CPU mitigations disabled for PVinPVH domain | PV guest in PVinPVH mode | Confirmed (live-tested: attacker parameters reach xenguesthelper) |
| L1TF mitigation bypass | L1 cache attack enabled | PV guest in PVinPVH mode | Confirmed (parameters pass through) |
| DMA protection bypass | IOMMU disabled in shim | PV guest in PVinPVH mode | Confirmed (parameters pass through) |
Detection: VM.platform writes (e.g. VM.add_to_platform) that touch the pvinpvh-xen-cmdline key; values containing spec-ctrl, xpti, pv-l1tf or iommu are the indicators. Guidance: disclosure/vendor-detection-guidance.md.
Evidence: VM.platform records for pvinpvh-xen-cmdline keys.
Remediation:
- Add map_keys_roles. Restrict pvinpvh-xen-cmdline in datamodel_vm.ml to _R_POOL_ADMIN.
- Consumer-side validation. Implement an allowlist of permitted Xen command-line options in xenopsd. Reject or strip security-critical options that should not be user-controllable.
- Write-time validation. Extend vm_platform.ml:sanity_check to cover pvinpvh-xen-cmdline with an option allowlist.
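The consumer-side and write-time validation items both reduce to the same check, so one function can serve both layers. The following is an added example written for this advisory, not code from xapi or xenopsd; the function names, the contents of the allowlist and the sample default/shim_mem values are assumptions for illustration. It uses a strict allowlist rather than a denylist so that mitigation knobs Xen adds in future are rejected without anyone having to enumerate them, and it constrains values to a conservative character set so a value cannot smuggle a second option past the key check.

```ocaml
(* Added example, not xapi or xenopsd code: an allowlist check for the
   pvinpvh-xen-cmdline platform value that could back both
   vm_platform.ml:sanity_check (write/start time) and the xenopsd read site
   (consumer side). Function names and the allowlist are assumptions. *)

(* Shim options a VM owner might plausibly adjust (assumed list). Every other
   key, including spec-ctrl, xpti, pv-l1tf, iommu, vpmu and smt, is rejected. *)
let allowed_shim_options = [ "pv-shim"; "console"; "loglvl"; "guest_loglvl" ]

(* Conservative value character set: no whitespace, quotes or separators. *)
let value_char_ok = function
  | 'a' .. 'z' | 'A' .. 'Z' | '0' .. '9' | '.' | '_' | ',' | ':' | '-' | '/' -> true
  | _ -> false

let value_ok v =
  let ok = ref (v <> "") in
  String.iter (fun c -> if not (value_char_ok c) then ok := false) v ;
  !ok

let is_space c = c = ' ' || c = '\t' || c = '\n' || c = '\r'

(* Split on any whitespace, dropping empty tokens. *)
let tokens_of s =
  let n = String.length s in
  let rec go i start acc =
    if i >= n then
      List.rev (if start < n then String.sub s start (n - start) :: acc else acc)
    else if is_space s.[i] then
      go (i + 1) (i + 1) (if start < i then String.sub s start (i - start) :: acc else acc)
    else go (i + 1) start acc
  in
  go 0 0 []

(* "key" or "key=value", split at the first '='. *)
let split_option tok =
  match String.index_opt tok '=' with
  | None -> (tok, None)
  | Some i -> (String.sub tok 0 i, Some (String.sub tok (i + 1) (String.length tok - i - 1)))

(* Ok with a normalised command line, or Error naming the offending option. *)
let check_pvinpvh_xen_cmdline (raw : string) : (string, string) result =
  let rec go acc = function
    | [] -> Ok (String.concat " " (List.rev acc))
    | tok :: rest -> (
        match split_option tok with
        | key, _ when not (List.mem key allowed_shim_options) ->
            Error (Printf.sprintf "option %S is not permitted in pvinpvh-xen-cmdline" key)
        | key, Some v when not (value_ok v) ->
            Error (Printf.sprintf "option %S has an invalid value" key)
        | _ -> go (tok :: acc) rest )
  in
  go [] (tokens_of raw)

(* How the xenopsd read site would use the check: fall back to the configured
   default when the key is absent, refuse to build the domain when the value is
   bad, and only then append shim_mem as xenopsd already does. *)
let pvinpvh_xen_cmdline_checked ~platformdata ~default ~shim_mem =
  let base =
    match List.assoc_opt "pvinpvh-xen-cmdline" platformdata with
    | None -> default
    | Some v -> (
        match check_pvinpvh_xen_cmdline v with
        | Ok clean -> clean
        | Error msg -> failwith ("pvinpvh-xen-cmdline rejected: " ^ msg) )
  in
  String.concat " " [ base; shim_mem ]

let () =
  let show label s =
    match check_pvinpvh_xen_cmdline s with
    | Ok c -> Printf.printf "%s: accepted %S\n" label c
    | Error m -> Printf.printf "%s: rejected (%s)\n" label m
  in
  show "attacker" "spec-ctrl=no xpti=false pv-l1tf=false iommu=no" ;
  show "benign" "pv-shim console=xen loglvl=all" ;
  show "smuggled" "console=xen;spec-ctrl=no" ;
  (* default and shim_mem below are sample values, not xenopsd's own computation *)
  print_endline
    (pvinpvh_xen_cmdline_checked
       ~platformdata:[ ("pvinpvh-xen-cmdline", "console=xen") ]
       ~default:"pv-shim console=xen" ~shim_mem:"shim_mem=16384k" )
```

Running the example rejects the attacker string on its first key (spec-ctrl), accepts the benign string unchanged, and rejects the smuggled string because ';' is outside the value character set. Applying the same function in vm_platform.ml:sanity_check means a bad value is refused at VM.add_to_platform time, while the xenopsd-side call covers values written before the fix was deployed.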
Upstream patches exist. They are held privately pending coordinated disclosure.
Disclosure:
- Code references: xenops_server_xen.ml:2416-2419 (cmdline read), domain.ml:1328-1329 (xenguesthelper invocation), datamodel_vm.ml:2717-2720 (VM.platform field definition, no map_keys_roles)
- Advisory: disclosure/advisories/plat-security-advisory.md (PLAT-2)
- Investigation: research/investigations/vm-platform.md
- PoC: research/plat-2/poc/plat-2-pvinpvh-xen-cmdline.sh (available to CSIRTs on request)
- Evidence: research/plat-2/poc/evidence/plat-2-20260319-200002.log
- Discovered and reported by Jakob Wolffhechel, Moksha.