Date: Mon, 03 Dec 2012 17:51:42 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-5510 / XSA-26 version 3 Grant table version switch list corruption vulnerability UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Downgrading the grant table version of a guest involves freeing its status pages. This freeing was incomplete - the page(s) are freed back to the allocator, but not removed from the domain's tracking list. This would cause list corruption, eventually leading to a hypervisor crash. IMPACT ====== A malicious guest administrator can cause Xen to crash, leading to a denial of service attack. VULNERABLE SYSTEMS ================== All Xen version from 4.0 on are vulnerable. Version 3.4 and earlier are not vulnerable. MITIGATION ========== Running only guests with trusted kernels will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa26-4.1.patch Xen 4.1.x xsa26-4.2.patch Xen 4.2.x xsa26-unstable.patch xen-unstable $ sha256sum xsa26*.patch b4674ddaf9a9786d5e7e5e4f248f6095e118184df581036e0531b5db5e1d645b xsa26-4.1.patch a6e2ed7bae3e62d4294fdb48e8a5418b1de8e0e690f4fea4bb430d2b7cf758e6 xsa26-4.2.patch ac2d5a82f0dba0f4213607a0e3bb9be586d90173bbadc4b402c2f19fbe4b2cf3 xsa26-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQvOJ1AAoJEIP+FMlX6CvZBHIH/jI42gGLsThzGlgkFg2aqE74 EUKIPZE4DLQNl6oTQ/fp0dfJgsQ8XHldovl4EphWK+oO0osloE2HjAY5mesOraui IIQHRkbosbDshDcSqFDndl+xjAEk1ohlGMMpSdUImIHdFF8ZJneXdK11cqxMtCKR 27ych3lDViqy0OqxFGRZpsBE0hHqU7aiL8Orr+tI4sANnd/qVfZcdqizoTRuAJX3 KOmaq+8VwoRSeppAvVgcnGkDLyCd5udRLNEenjrFo1YkC01bVIdbD59/ZwEIC6eZ iR7bvppV1nuq9WnbCkx+FVkNc9AuGwUZMOdePH2PwLYqIZGMBi9uqUD3Y0HHMoo= =OtT0 -----END PGP SIGNATURE----- Download attachment "xsa26-4.1.patch" of type "application/octet-stream" (3932 bytes) Download attachment "xsa26-4.2.patch" of type "application/octet-stream" (3814 bytes) Download attachment "xsa26-unstable.patch" of type "application/octet-stream" (3820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ