Date: Thu, 9 Aug 2012 16:02:39 +0100 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com Subject: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3433 / XSA-11 version 3 HVM guest destroy p2m teardown host DoS vulnerability UPDATES IN VERSION 3 ==================== Embargo ended Thursday 2012-08-09 12:00:00 UTC. ISSUE DESCRIPTION ================= An HVM guest is able to manipulate its physical address space such that tearing down the guest takes an extended period amount of time searching for shared pages. This causes the domain 0 VCPU which tears down the domain to be blocked in the destroy hypercall. This causes that domain 0 VCPU to become unavailable and may cause the domain 0 kernel to panic. There is no requirement for memory sharing to be in use. IMPACT ====== A guest kernel can cause the host to become unresponsive for a period of time, potentially leading to a DoS. VULNERABLE SYSTEMS ================== All systems running HVM guests with untrusted guest kernels. This vulnerability effects only Xen 4.0 and 4.1. Xen 3.4 and earlier and xen-unstable are not vulnerable. MITIGATION ========== This issue can be mitigated by running PV (para-virtualised) guests only, or by ensuring (inside the guest) that the kernel is trustworthy. RESOLUTION ========== Applying the appropriate attached patch will resolve the issue. NOTE REGARDING CVE ================== We do not yet have a CVE Candidate number for this vulnerability. PATCH INFORMATION ================= The attached patches resolve this issue Xen 4.1, 4.1.x xsa11-4.1.patch Xen 4.0, 4.0.x xsa11-4.0.patch $ sha256sum xsa11-*.patch c8ab767d831b20a1b22c69a28127303c89cf0379cbf6f1ba3acfda6240aa2a89 xsa11-4.0.patch 61c6424023a26a8b4ea591d0bff6969908091a1a1e1304567d0d910908f21e8d xsa11-4.1.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQI8/0AAoJEIP+FMlX6CvZ+fIH/R8w3J9KUiLiIai/QaA4xOjp rkvdR40b0GzcllDQEy9bUCvRY3QPz7DRza90vLvxCL9R5OnbkRtGJxdmbxjwmoVX zF03FLaFCd5ypFsTGAcxaUcxtOrt6Ut6R0i8GZp5BCkOV+UkNvu/uaOxL6N3UZ3w HfCm88EAWsWeJuShiG5jY3BhgCeR7b3GV9uXP0vG5Pa7cwPGvMnx/E6OsC/zEMG2 7yTX0/AI4qKMT9XtiA024vloN1mMlRgN74ZIBqmPuDv5ggv1wLFseARWueYMBn8Y aUDi97nJf+YWXIx+YwAmD0XLmJ/5tTAYvaV3B4vjMrfFc/plMKDvOqohVB+hv08= =l4LY -----END PGP SIGNATURE----- View attachment "xsa11-4.0.patch" of type "text/plain" (1049 bytes) View attachment "xsa11-4.1.patch" of type "text/plain" (1063 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ