Date: Thu, 02 May 2013 15:04:09 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1952 / XSA-49 version 2 VT-d interrupt remapping source validation flaw for bridges UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Interrupt remapping table entries for MSI interrupts set up by bridge devices did not get any source validation set up on them, allowing misbehaving or malicious guests to inject interrupts into the domain owning the bridges. In a typical Xen system bridge devices are owned by domain 0, leaving it vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system. IMPACT ====== A malicious domain, given access to a device which bus mastering capable, can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== Xen version 4.0 onwards is vulnerable. Only systems using Intel VT-d for PCI passthrough are vulnerable. Any domain which is given access to a PCI device that is bus mastering capable can take advantage of this vulnerability. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa49-unstable.patch Xen xen-unstable xsa49-4.2.patch Xen 4.2.x xsa49-4.1.patch Xen 4.1.x $ sha256sum xsa49-*.patch 666aec709795163e7c19e99f71ff88cb9a4d66f3f0599ef66446310323fd8d9e xsa49-4.1.patch 37055cbc74111cbc507af3f09d6ac2e472f24efd54cd3e08583dc635e66a539f xsa49-4.2.patch ba07b4ff0393084282edc24db7f03eb95b0a4bbc8d40d6ede601d0182a0fc852 xsa49-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRgnfXAAoJEIP+FMlX6CvZoHsH/jNpyc3Y1ga9GPQSxZ+GaXme z/TzcW1gZsP8TVlsoXJbGSVMbDLNLkTA7LpPkep/tSNOfQ3Umg/70sLtvXmpm2PR zvpLgjpKut5ziqLLhFX1kTRZIrg9X8p9k9DHiq3JKK7WUZ1S21i8zQH8w6k9R2Q5 JO6WTP5VidDVByn23HcIwUI1/z4mbPIe5MI2/I81dbw3BnMLHeX8RGlIHz1Cj729 W7UqRDkivdH0CjF4D/hBskcI+3bZOS2I+JrQf78YP5kq2zr1tSJ6wH9VhxgI0ku1 LgmmEPfqoeCXK8/s0QcLFj+nAMx6OZWeTPJ31RT41106ZWku+gazddFsZJ+PeuY= =no/g -----END PGP SIGNATURE----- [ CONTENT OF TYPE application/octet-stream SKIPPED ] [ CONTENT OF TYPE application/octet-stream SKIPPED ] [ CONTENT OF TYPE application/octet-stream SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ