Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 9 Aug 2012 16:02:39 +0100
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org,
    xen-devel@...ts.xen.org,
    xen-users@...ts.xen.org,
    oss-security@...ts.openwall.com
Subject: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2012-3433 / XSA-11
                          version 3

	HVM guest destroy p2m teardown host DoS vulnerability

UPDATES IN VERSION 3
====================

Embargo ended Thursday 2012-08-09 12:00:00 UTC.

ISSUE DESCRIPTION
=================

An HVM guest is able to manipulate its physical address space such
that tearing down the guest takes an extended period amount of
time searching for shared pages.

This causes the domain 0 VCPU which tears down the domain to be
blocked in the destroy hypercall. This causes that domain 0 VCPU to
become unavailable and may cause the domain 0 kernel to panic.

There is no requirement for memory sharing to be in use.

IMPACT
======

A guest kernel can cause the host to become unresponsive for a period
of time, potentially leading to a DoS.

VULNERABLE SYSTEMS
==================

All systems running HVM guests with untrusted guest kernels.

This vulnerability effects only Xen 4.0 and 4.1. Xen 3.4 and earlier
and xen-unstable are not vulnerable.

MITIGATION
==========

This issue can be mitigated by running PV (para-virtualised) guests
only, or by ensuring (inside the guest) that the kernel is
trustworthy.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

NOTE REGARDING CVE
==================

We do not yet have a CVE Candidate number for this vulnerability.

PATCH INFORMATION
=================

The attached patches resolve this issue

 Xen 4.1, 4.1.x                              xsa11-4.1.patch
 Xen 4.0, 4.0.x                              xsa11-4.0.patch

$ sha256sum xsa11-*.patch
c8ab767d831b20a1b22c69a28127303c89cf0379cbf6f1ba3acfda6240aa2a89  xsa11-4.0.patch
61c6424023a26a8b4ea591d0bff6969908091a1a1e1304567d0d910908f21e8d  xsa11-4.1.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQI8/0AAoJEIP+FMlX6CvZ+fIH/R8w3J9KUiLiIai/QaA4xOjp
rkvdR40b0GzcllDQEy9bUCvRY3QPz7DRza90vLvxCL9R5OnbkRtGJxdmbxjwmoVX
zF03FLaFCd5ypFsTGAcxaUcxtOrt6Ut6R0i8GZp5BCkOV+UkNvu/uaOxL6N3UZ3w
HfCm88EAWsWeJuShiG5jY3BhgCeR7b3GV9uXP0vG5Pa7cwPGvMnx/E6OsC/zEMG2
7yTX0/AI4qKMT9XtiA024vloN1mMlRgN74ZIBqmPuDv5ggv1wLFseARWueYMBn8Y
aUDi97nJf+YWXIx+YwAmD0XLmJ/5tTAYvaV3B4vjMrfFc/plMKDvOqohVB+hv08=
=l4LY
-----END PGP SIGNATURE-----

View attachment "xsa11-4.0.patch" of type "text/plain" (1049 bytes)

View attachment "xsa11-4.1.patch" of type "text/plain" (1063 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.