Date: Tue, 13 Nov 2012 12:56:06 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4535 / XSA-20 version 2 Timer overflow DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= A guest which sets a VCPU with an inappropriate deadline can cause an infinite loop in Xen, blocking the affected physical CPU indefinitely. IMPACT ====== A malicious guest administrator can trigger the bug. If the Xen watchdog is enabled, the whole system will crash. Otherwise the guest can cause the system to become completely unresponsive. VULNERABLE SYSTEMS ================== All versions of Xen from at least 3.4 onwards are vulnerable, to every kind of guest. Systems with only trusted guest kernels are not vulnerable. MITIGATION ========== There is no mitigation available other than to use a trusted guest kernel. RESOLUTION ========== The attached patch resolves this issue. The same patch is applicable to all affected versions. $ sha256sum xsa20.patch 954f43a3b912d551b6534d3962d0bab3db820222a3bff211b545e526f9161c71 xsa20.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGkAAoJEIP+FMlX6CvZzB0H/2H7Z/zxYOQtC2QLT77voNvI /dCGnO+tUxcn9zsPOTkQjTmd7XrSaCdV9IoKmssZCwTBlHzRiwvFWQBinqrU8SZb 8UCv4O1zxg4Ygv/9nlJVxI8Xq9+uyxc/RaMeKlMCsW2rSKut9zmHI9HU+FT5kqG9 0vEXhZW4/MwOFbH+03LoHgjXqW8LOLNZtBg9u5rF5iCDLnltdAC//3kFXA5UG391 JAzAdBUOOaf2OAnL4tEpEV6ksmeaxjckg63P5T61MUqiFJo/5AL5tu0kEKGHF7jH X4tDkSoV7Rbma4kNN3SbYjAkYGtsrGDeVS7HlhPbyZpKQVUJN+bSMYto3r8lVMM= =nj9Z -----END PGP SIGNATURE----- [ CONTENT OF TYPE application/octet-stream SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ