Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 04 Nov 2013 13:15:44 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 73 (CVE-2013-4494) - Lock order reversal
 between page allocation and grant table locks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

              Xen Security Advisory CVE-2013-4494 / XSA-73
                              version 3

    Lock order reversal between page allocation and grant table locks

UPDATES IN VERSION 3
====================

The issue has been assigned CVE-2013-4494.

NOTE REGARDING LACK OF EMBARGO
==============================

While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.

ISSUE DESCRIPTION
=================

The locks page_alloc_lock and grant_table.lock are not always taken in
the same order.  This opens the possibility of deadlock.

IMPACT
======

A malicious guest administrator can deny service to the entire host.

VULNERABLE SYSTEMS
==================

Xen versions going back to at least Xen 3.2 are vulnerable.

To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.

MITIGATION
==========

There is no practical mitigation for this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa73-4.3-unstable.patch    Xen 4.3.x, xen-unstable
xsa73-4.2.patch             Xen 4.2.x
xsa73-4.1.patch             Xen 4.1.x

$ sha256sum xsa73*.patch
519eb1d2815c41d73c775324f43d1a7d75615775194bd0f6584147b45d04250b  xsa73-4.1.patch
9eab1db170dc13bdd4da76bc2184399f705d124acd14b364428f012ea5c3a281  xsa73-4.2.patch
1c070e66d1bea3c109f22ea4db2e8828f0f4b016d51d6d88667b775eec340514  xsa73-4.3-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSd53SAAoJEIP+FMlX6CvZAMgH/1JgLDhHB5A7w0iVJbHSv4ff
9oxmch/DfMFj1A+Cuhq5YU25I19ocSiqiEU4n7IuADCH4UCetH6UMXqRQ7qj/HPq
RZTGxmPkBNkIVkZd9IqRZEoWy4ENDhdDOa8ViNLqXCTCra0swfeTAav+BtTanpFQ
jca18Ry0o4qo9A/ZNZniAgMV1OXxZkETRm6jVc7tCNzx0daPyAo4xesUDLNJ/EcW
yYv7pIRY1Ct7X5CD3carkRBm0k3PmZ0IClZf5aBWKV8PE95oOk/m8HBIPFGvBp7o
cPBHt7Nra2pWDG76Vtzg0QZuV9XPwaRtPk4U4w9s9K4BpRwDza8mXCBgaRLX9aU=
=RphO
-----END PGP SIGNATURE-----

Download attachment "xsa73-4.1.patch" of type "application/octet-stream" (3742 bytes)

Download attachment "xsa73-4.2.patch" of type "application/octet-stream" (3772 bytes)

Download attachment "xsa73-4.3-unstable.patch" of type "application/octet-stream" (3723 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.