Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 27 Jul 2012 15:39:33 +0100
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org,
    xen-devel@...ts.xen.org,
    xen-users@...ts.xen.org,
    oss-security@...ts.openwall.com
Subject: Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


            Xen Security Advisory CVE-2012-3432 / XSA-10
                          version 2

	 HVM guest user mode MMIO emulation DoS vulnerability

UPDATES IN VERSION 2
====================

CVE candidate number assigned.

Xen versions 3.2 and earlier are not, in fact, vulnerable; they have
an entirely different emulation mechanism.

ISSUE DESCRIPTION
=================

Internal data of the emulator for MMIO operations may, under
certain rare conditions, at the end of one emulation cycle be left
in a state affecting a subsequent emulation such that this second
emulation would fail, causing an exception to be reported to the
guest kernel where none is expected.

IMPACT
======

Guest mode unprivileged (user) code, which has been granted
the privilege to access MMIO regions, may leverage that access
to crash the whole guest.

VULNERABLE SYSTEMS
==================

All HVM guests exposing MMIO ranges to unprivileged (user) mode.

Xen versions 3.3 and later are vulnerable to this issue.

MITIGATION
==========

This issue can be mitigated by running PV (para-virtualised)
guests only, or by ensuring (inside the guest) that MMIO regions
can be accessed only by trustworthy processes.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

PATCH INFORMATION
=================

The attached patches resolve this issue

$ sha256sum xsa10-*.patch
f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912  xsa10-4.x.patch
fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd  xsa10-unstable.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQEqbqAAoJEIP+FMlX6CvZEhIIALkIViTZtEbQ6nWy3Y1U/sm5
BDZUPOeqF5KFV9EXQJcoKM1PGBMBgzeqA4n024k6o9mDimn0PVujSJC+2iX728Sz
WW/k5y96q2ixzTmaU0y8X5p6pl+nbCNMQ8In7WysB2XetGHY+b5b80uIVH1Sj1IS
QxrMO2HywQSUDNNQq3bD2jQjuIgewh7rMskxXiPWnlPg7MHx4D/jt/O4sP0bnZn2
kvFad8TV9aB3I1dwdI2YJ3Ng3W162Tai6i2lJB1OQUJt0sIARXeXZYVOrkkAY5Tv
SjNCCra0NZoaLjOlY0CWwqluPegJAnq1iFb5cF86nwZcoMCIh9OL+0SLyIJEAvg=
=sOWo
-----END PGP SIGNATURE-----

View attachment "xsa10-4.x.patch" of type "text/plain" (1130 bytes)

View attachment "xsa10-unstable.patch" of type "text/plain" (1087 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.