Date: Wed, 5 Sep 2012 10:38:44 +0100 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3494 / XSA-12 version 3 hypercall set_debugreg vulnerability UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= set_debugreg allows writes to reserved bits of the DR7 debug control register on x86-64. IMPACT ====== A malicious guest can cause the host to crash, leading to a DoS. If the vulnerable hypervisor is run on future hardware, the impact of the vulnerability might be widened depending on the future assignment of the currently-reserved debug register bits. VULNERABLE SYSTEMS ================== All systems running 64-bit paravirtualised guests. The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2 RCs, and xen-unstable.hg are all vulnerable. MITIGATION ========== This issue can be mitigated by ensuring (inside the guest) that the kernel is trustworthy, or by running only 32-bit or HVM guests. RESOLUTION ========== Applying the appropriate attached patch will resolve the issue. PATCH INFORMATION ================= The attached patch resolves this issue: Xen unstable, 4.1 and 4.0 xsa12-all.patch $ sha256sum xsa12-all.patch 2415ee133e28b1c848c5ae3ce766cc2a67009bad8d026879030a6511b85dbc13 xsa12-all.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQRx0+AAoJEIP+FMlX6CvZnMAH/0fcm9nfiChokydCyqXgdKtJ U2NqeqKzEP6emwLE+cvc+2EBP40fiBXsNATVdXc6Vx15eyzSMfJD3ndYF9OaKMVH MVP6KU/tyK1G/9WgQK9PHBj/Kzp8hwrY0Qw45od7z+R7XMGieLH9l1O1xwkNCYDw R8Xy2GI9IqsXLNpwy3BFYSyGYIX9o8/aBx4ZxHCV8H0OYUWv5hDGZZVXPDqGm11c N+qmUaPV2QlW8Aoww1SiwW5E+/CpyJT5+awEMgZ4IOHPbCBXJfyXbw4aMM2q5Soe mStqvPKL4H10SahaygdjxO+e4NqCHao0rYUXXpUr+aikIXvEearukp3FezR5IUE= =/LmZ -----END PGP SIGNATURE----- Download attachment "xsa12-all.patch" of type "application/octet-stream" (1011 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.