Date: Tue, 05 Feb 2013 13:15:17 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0231 / XSA-43 version 2 Linux pciback DoS via not rate limited log messages. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Xen's PCI backend drivers in Linux allow a guest with assigned PCI device(s) to cause a DoS through a flood of kernel messages, potentially affecting other domains in the system. IMPACT ====== A malicious guest can mount a DoS affecting the entire system. VULNERABLE SYSTEMS ================== All systems running guests with access to passed through PCI devices are vulnerable. Both mainline ("pvops") and classic-Xen patch kernels are affected. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa43-pvops.patch Apply to mainline Linux 3.8-rc5. xsa43-classic.patch Apply to linux-2.6.18-xen tree. $ sha256sum xsa43*.patch 4dec2d9b043bce2b8b54578573ba254fa7e6cbf4640cd100f40d8bf8a5a6a470 xsa43-classic.patch 6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8 xsa43-pvops.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI+AAoJEIP+FMlX6CvZkoEH/2sIEO+1qLiHTde/UJznrvr8 R8MDNC5tqXVLtbPjScoTItMHaPfz33lcypz9UFknHepdwZKhRrcuqy4E79lxeXDG BybbbbfNfJPeUG44O1fkyJTJys0xRBnAGzWInZZwq+gWRaJv+JNhzinFujvLNDJV 4m2ObnSwT1mx/9CjRxWGakKDhPcZSGmWIicyN5tueNKdWbAjSqiR/J8N5W+QJiCm +BzjzYpfUqn0vKOlARQIMshzqFjYVTnoHFZf/4Hl7ogIibxfGGo5t05pzBoAlIgj nTizW2Bxs9XM1NaFsZ2ESg8KVDTFSHS+jsMtdl0bWoHwRs6nNMQJJTjTPHXspCQ= =5o5U -----END PGP SIGNATURE----- Download attachment "xsa43-classic.patch" of type "application/octet-stream" (884 bytes) Download attachment "xsa43-pvops.patch" of type "application/octet-stream" (1786 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ