Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 13 Nov 2012 12:56:13 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure
 DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                 Xen Security Advisory CVE-2012-4537 / XSA-22
			      version 4

                  Memory mapping failure DoS vulnerability

UPDATES IN VERSION 4
====================

Public release.

ISSUE DESCRIPTION
=================

When set_p2m_entry fails, Xen's internal data structures (the p2m and
m2p tables) can get out of sync.  This failure can be triggered by
unusual guest behaviour exhausting the memory reserved for the p2m
table.  If it happens, subsequent guest-invoked memory operations can
cause Xen to fail an assertion and crash.

IMPACT
======

A malicious guest administrator might be able to cause Xen to crash.

VULNERABLE SYSTEMS
==================

All versions of Xen since at least 3.4 are vulnerable.

The vulnerability is only exposed to HVM guests.

MITIGATION
==========

There is no mitigation available other than to use a trusted guest
kernel.

RESOLUTION
==========

The attached patch resolves this issue.

Applying the appropriate attached patch resolves this issue.

xsa22-4.2-unstable.patch    Xen 4.2.x, xen-unstable
xsa22-4.1.patch             Xen 4.1.x
xsa22-4.0.patch             Xen 4.0.x
xsa22-3.4.patch             Xen 3.4.x

$ sha256sum xsa22*.patch
fe21558f098340451a275c468a7b2209915676f4f41ec394970c6aa0df3d93d3  xsa22-3.4.patch
b7e635ae07f31ac8ecb8732152ba66897ea6d0f5e30468e35d7c37379c7369bb  xsa22-4.0.patch
e699e7af6b90e60531d98f04197141c4caf5eb4cdb312a43e736830eb17d32e1  xsa22-4.1.patch
8dbf850b903179807257febe12a15cb131968e65d2e90dbd3a5f72b83d2f931a  xsa22-4.2-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQokGpAAoJEIP+FMlX6CvZUsEIAIL7FtUpAgYTG73BXIpIoJ1h
L85yaAhizzuwWAHMwLBD/oMs+OPzIXsCp4rBHI8XPQ0rf3YeHSj8uI+ta17Th1Gb
KuFFlDPujh5EiE0yel8u21hgsJ7rUpA04jPeYDbVbHPVC6bywf7pkChCEPos/Ze9
gAlRVptdBXH2nGmSyMFDfoby60lDXa7ZP0KoJUyuUG69zDMzlANLiEvk/+mN4YKB
W4uiaYlCeDfrCn4T8Pk9rTMdDWmCsbQpZQRqwwNXdUa/EX0Ccv/QdcppPHoylYeK
DQ9GPZOtDsm4s1M/J1oPVXZI7X/vLuBwje4/hhisFFiO4kLffcKCSopSizgLlO0=
=82B5
-----END PGP SIGNATURE-----

Download attachment "xsa22-3.4.patch" of type "application/octet-stream" (2044 bytes)

Download attachment "xsa22-4.0.patch" of type "application/octet-stream" (1288 bytes)

Download attachment "xsa22-4.1.patch" of type "application/octet-stream" (1308 bytes)

Download attachment "xsa22-4.2-unstable.patch" of type "application/octet-stream" (1296 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.