Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 01 Nov 2013 14:52:29 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, xen-announce@...ts.xen.org,
        xen-devel@...ts.xen.org, xen-users@...ts.xen.org
CC: "Xen.org security team" <security@....org>
Subject: Re: Xen Security Advisory 73 - Lock order reversal
 between page allocation and grant table locks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/01/2013 09:07 AM, Xen.org security team wrote:
> Xen Security Advisory XSA-73
> 
> Lock order reversal between page allocation and grant table locks
> 
> NOTE REGARDING LACK OF EMBARGO ==============================
> 
> While the response to this issue was being prepared by the
> security team, the bug was independently discovered by a third
> party who publicly disclosed it without realising the security
> impact.
> 
> ISSUE DESCRIPTION =================
> 
> The locks page_alloc_lock and grant_table.lock are not always taken
> in the same order.  This opens the possibility of deadlock.
> 
> IMPACT ======
> 
> A malicious guest administrator can deny service to the entire
> host.
> 
> VULNERABLE SYSTEMS ==================
> 
> Xen versions going back to at least Xen 3.2 are vulnerable.
> 
> To exploit the vulnerability, the attacker must have control of
> more than one vcpu, either by controlling a malicious multi-vcpu
> guest, or by controlling more than one guest.
> 
> MITIGATION ==========
> 
> There is no practical mitigation for this issue.
> 
> CREDITS =======
> 
> This issue was discovered by Coverity Scan and diagnosed by Andrew 
> Cooper.
> 
> RESOLUTION ==========
> 
> Applying the appropriate attached patch resolves this issue.
> 
> xsa73-4.3-unstable.patch    Xen 4.3.x, xen-unstable xsa73-4.2.patch
> Xen 4.2.x xsa73-4.1.patch             Xen 4.1.x
> 
> $ sha256sum xsa73*.patch 
> b828ff085f2dc1f2042bda1dc8a6c52b56ad1c1e3639c3efe32e5706e4ef424f
> xsa73-4.1.patch 
> 10b809c39582a7f29150f0635b78bc2ce40df0bded963b78f42db3e21775da8c
> xsa73-4.2.patch 
> 48411cd6b15e4e4fa3c4335298179a4b1094c5e1ae8dc7582bbfb9439d97037b
> xsa73-4.3-unstable.patch $
> 

Please use CVE-2013-4494 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSdBSNAAoJEBYNRVNeJnmTNWMP/REouDdz04PivxYXIwjmkqTF
2sQJUt6/4Jax9i3aKWJAvB1fpqqS6T0NmtMpZ9yHihYMvTx+8Nmkpc+GRynbQrZx
t2l7Tcs7P+aHbbVFz3WUY+Z0yprUeCuKAu0GMpILijoykVOTM6IlTsRyDjWke0hl
f6oJmnhe87BnhglUJkfkLhnXUDHUAnZQjmLqznYMOqEFIxBzK+MbCYWIZ7DALerS
GtaZnt5Gqxx3KLZFJVVz1dW2AKby9vXqUwCiEH/WJ6rwsb98tVwN34yZPLPjug9k
hQQDyPKmv/FAd14ieslS88uXnP1fwofxTCbpfYTVYDP4wBropAhBueLIf32pzhrC
6GSqy2VYvFXqTmY/mKxLYqz/czG6b3DMwvCTqPOqfszOv75R0COPQIeeTmdLuI7L
ZDdP5ZNcuNVSiLJaXBi6cfiFmRtPFsFEiu4+p1nCt6f0mfia2LqpVvjfaK56FerA
R0f1LNouRm/4aBbeXtGTVTdMFprF9DDQgZlEPuATrZNjp0b3X/uxQLAtMLWDLAa9
CYpSCbv9SqGGlot6cL1m4rEtsmMRRcffz+EZUcmXF/cRIPVZxdMHJ+mHyShUALGt
LPVABCngDF3RTQqhBSZwViUaoyjo/Pora1bcMvNMZoIMxQHz18hg2961OgxOSfeg
70WfDymdz82cl4k6KZim
=uAIy
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ