Date: Fri, 27 Jul 2012 15:39:33 +0100 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com Subject: Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3432 / XSA-10 version 2 HVM guest user mode MMIO emulation DoS vulnerability UPDATES IN VERSION 2 ==================== CVE candidate number assigned. Xen versions 3.2 and earlier are not, in fact, vulnerable; they have an entirely different emulation mechanism. ISSUE DESCRIPTION ================= Internal data of the emulator for MMIO operations may, under certain rare conditions, at the end of one emulation cycle be left in a state affecting a subsequent emulation such that this second emulation would fail, causing an exception to be reported to the guest kernel where none is expected. IMPACT ====== Guest mode unprivileged (user) code, which has been granted the privilege to access MMIO regions, may leverage that access to crash the whole guest. VULNERABLE SYSTEMS ================== All HVM guests exposing MMIO ranges to unprivileged (user) mode. Xen versions 3.3 and later are vulnerable to this issue. MITIGATION ========== This issue can be mitigated by running PV (para-virtualised) guests only, or by ensuring (inside the guest) that MMIO regions can be accessed only by trustworthy processes. RESOLUTION ========== Applying the appropriate attached patch will resolve the issue. PATCH INFORMATION ================= The attached patches resolve this issue $ sha256sum xsa10-*.patch f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912 xsa10-4.x.patch fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd xsa10-unstable.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQEqbqAAoJEIP+FMlX6CvZEhIIALkIViTZtEbQ6nWy3Y1U/sm5 BDZUPOeqF5KFV9EXQJcoKM1PGBMBgzeqA4n024k6o9mDimn0PVujSJC+2iX728Sz WW/k5y96q2ixzTmaU0y8X5p6pl+nbCNMQ8In7WysB2XetGHY+b5b80uIVH1Sj1IS QxrMO2HywQSUDNNQq3bD2jQjuIgewh7rMskxXiPWnlPg7MHx4D/jt/O4sP0bnZn2 kvFad8TV9aB3I1dwdI2YJ3Ng3W162Tai6i2lJB1OQUJt0sIARXeXZYVOrkkAY5Tv SjNCCra0NZoaLjOlY0CWwqluPegJAnq1iFb5cF86nwZcoMCIh9OL+0SLyIJEAvg= =sOWo -----END PGP SIGNATURE----- View attachment "xsa10-4.x.patch" of type "text/plain" (1130 bytes) View attachment "xsa10-unstable.patch" of type "text/plain" (1087 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.