Date: Mon, 03 Dec 2012 17:51:42 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-5510 / XSA-26 version 3 Grant table version switch list corruption vulnerability UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Downgrading the grant table version of a guest involves freeing its status pages. This freeing was incomplete - the page(s) are freed back to the allocator, but not removed from the domain's tracking list. This would cause list corruption, eventually leading to a hypervisor crash. IMPACT ====== A malicious guest administrator can cause Xen to crash, leading to a denial of service attack. VULNERABLE SYSTEMS ================== All Xen version from 4.0 on are vulnerable. Version 3.4 and earlier are not vulnerable. MITIGATION ========== Running only guests with trusted kernels will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa26-4.1.patch Xen 4.1.x xsa26-4.2.patch Xen 4.2.x xsa26-unstable.patch xen-unstable $ sha256sum xsa26*.patch b4674ddaf9a9786d5e7e5e4f248f6095e118184df581036e0531b5db5e1d645b xsa26-4.1.patch a6e2ed7bae3e62d4294fdb48e8a5418b1de8e0e690f4fea4bb430d2b7cf758e6 xsa26-4.2.patch ac2d5a82f0dba0f4213607a0e3bb9be586d90173bbadc4b402c2f19fbe4b2cf3 xsa26-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQvOJ1AAoJEIP+FMlX6CvZBHIH/jI42gGLsThzGlgkFg2aqE74 EUKIPZE4DLQNl6oTQ/fp0dfJgsQ8XHldovl4EphWK+oO0osloE2HjAY5mesOraui IIQHRkbosbDshDcSqFDndl+xjAEk1ohlGMMpSdUImIHdFF8ZJneXdK11cqxMtCKR 27ych3lDViqy0OqxFGRZpsBE0hHqU7aiL8Orr+tI4sANnd/qVfZcdqizoTRuAJX3 KOmaq+8VwoRSeppAvVgcnGkDLyCd5udRLNEenjrFo1YkC01bVIdbD59/ZwEIC6eZ iR7bvppV1nuq9WnbCkx+FVkNc9AuGwUZMOdePH2PwLYqIZGMBi9uqUD3Y0HHMoo= =OtT0 -----END PGP SIGNATURE----- Download attachment "xsa26-4.1.patch" of type "application/octet-stream" (3932 bytes) Download attachment "xsa26-4.2.patch" of type "application/octet-stream" (3814 bytes) Download attachment "xsa26-unstable.patch" of type "application/octet-stream" (3820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.