Date: Fri, 01 Nov 2013 14:52:29 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com, xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org CC: "Xen.org security team" <security@....org> Subject: Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/01/2013 09:07 AM, Xen.org security team wrote: > Xen Security Advisory XSA-73 > > Lock order reversal between page allocation and grant table locks > > NOTE REGARDING LACK OF EMBARGO ============================== > > While the response to this issue was being prepared by the > security team, the bug was independently discovered by a third > party who publicly disclosed it without realising the security > impact. > > ISSUE DESCRIPTION ================= > > The locks page_alloc_lock and grant_table.lock are not always taken > in the same order. This opens the possibility of deadlock. > > IMPACT ====== > > A malicious guest administrator can deny service to the entire > host. > > VULNERABLE SYSTEMS ================== > > Xen versions going back to at least Xen 3.2 are vulnerable. > > To exploit the vulnerability, the attacker must have control of > more than one vcpu, either by controlling a malicious multi-vcpu > guest, or by controlling more than one guest. > > MITIGATION ========== > > There is no practical mitigation for this issue. > > CREDITS ======= > > This issue was discovered by Coverity Scan and diagnosed by Andrew > Cooper. > > RESOLUTION ========== > > Applying the appropriate attached patch resolves this issue. > > xsa73-4.3-unstable.patch Xen 4.3.x, xen-unstable xsa73-4.2.patch > Xen 4.2.x xsa73-4.1.patch Xen 4.1.x > > $ sha256sum xsa73*.patch > b828ff085f2dc1f2042bda1dc8a6c52b56ad1c1e3639c3efe32e5706e4ef424f > xsa73-4.1.patch > 10b809c39582a7f29150f0635b78bc2ce40df0bded963b78f42db3e21775da8c > xsa73-4.2.patch > 48411cd6b15e4e4fa3c4335298179a4b1094c5e1ae8dc7582bbfb9439d97037b > xsa73-4.3-unstable.patch $ > Please use CVE-2013-4494 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSdBSNAAoJEBYNRVNeJnmTNWMP/REouDdz04PivxYXIwjmkqTF 2sQJUt6/4Jax9i3aKWJAvB1fpqqS6T0NmtMpZ9yHihYMvTx+8Nmkpc+GRynbQrZx t2l7Tcs7P+aHbbVFz3WUY+Z0yprUeCuKAu0GMpILijoykVOTM6IlTsRyDjWke0hl f6oJmnhe87BnhglUJkfkLhnXUDHUAnZQjmLqznYMOqEFIxBzK+MbCYWIZ7DALerS GtaZnt5Gqxx3KLZFJVVz1dW2AKby9vXqUwCiEH/WJ6rwsb98tVwN34yZPLPjug9k hQQDyPKmv/FAd14ieslS88uXnP1fwofxTCbpfYTVYDP4wBropAhBueLIf32pzhrC 6GSqy2VYvFXqTmY/mKxLYqz/czG6b3DMwvCTqPOqfszOv75R0COPQIeeTmdLuI7L ZDdP5ZNcuNVSiLJaXBi6cfiFmRtPFsFEiu4+p1nCt6f0mfia2LqpVvjfaK56FerA R0f1LNouRm/4aBbeXtGTVTdMFprF9DDQgZlEPuATrZNjp0b3X/uxQLAtMLWDLAa9 CYpSCbv9SqGGlot6cL1m4rEtsmMRRcffz+EZUcmXF/cRIPVZxdMHJ+mHyShUALGt LPVABCngDF3RTQqhBSZwViUaoyjo/Pora1bcMvNMZoIMxQHz18hg2961OgxOSfeg 70WfDymdz82cl4k6KZim =uAIy -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ