Date: Wed, 05 Sep 2012 11:14:11 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 18 (CVE-2012-3516) - grant table entry swaps have inadequate bounds checking -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3516 / XSA-18 version 2 grant table entry swaps have inadequate bounds checking UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The grant table hypercall's GNTTABOP_swap_grant_ref sub-operation does not perform adequate checks on the input grant references. IMPACT ====== A malicious guest kernel or administrator can crash the host. It may be possible for an attacker to swap a valid grant reference, which they control, with an invalid one allowing them to write abitrary values to hypervisor memory. This could potentially lead to a privilege escalation. VULNERABLE SYSTEMS ================== Xen-unstable, including Xen 4.2 release candidates are vulnerable to this issue. Xen 4.1 and earlier do not include this hypercall and are therefore not vulnerable. MITIGATION ========== The only mitigation is not to run guests which have untrusted administrators. RESOLUTION ========== Applying the attached patch will resolve the issue. PATCH INFORMATION ================= The attached patch resolves this issue Xen unstable xsa18-unstable.patch $ sha256sum xsa18-unstable.patch ad354a1964fc52b0e48d405514156935cc8dfcb5bdaee307e3e74afcc0ca8914 xsa18-unstable.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQRzP3AAoJEIP+FMlX6CvZ350H/jfmrx6a1pNYF3KYtVVIXu1y ZERi/qxji162XGvB+7gdq+IdhLYAeWXRFF309U1FwcRxaQJPRAT024q6Hs+ITr9i L7OnSP9s+UHT4251X3UlOnEfQyKF6NKJIYbamQbfVIvVPdUtNLj4SKYqxlvjyyc3 DpqiARD5f9+i7OkcojvhXszlbMgbpSQ8TYCW5De0dTkZgKQYq2hRuYf/1hmZ1lJt vFEkTCFxO7uxoH6gulyuEjszDYFAUmE3xdxKbT11mIkwnS1wfgp4Ob5H0ioSDNJo oOxqt4KsuNXHDW/B8QlxnQejKBL0INtmOjh7GMox4bvxg4gP57ZlDweC2lkR37c= =dD8C -----END PGP SIGNATURE----- Download attachment "xsa18-unstable.patch" of type "application/octet-stream" (1368 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.