Date: Thu, 04 Apr 2013 17:57:19 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1920 / XSA-47 Potential use of freed memory in event channel operations ISSUE DESCRIPTION ================= Wrong ordering of operations upon extending the per-domain event channel tracking table can cause a pointer to freed memory to be left in place, when the hypervisor is under memory pressure and XSM (Xen Security Module) is enabled. IMPACT ====== Malicious guest kernels could inject arbitrary events or corrupt other hypervisor state, possibly leading to code execution. VULNERABLE SYSTEMS ================== All Xen versions from 3.2 onwards are vulnerable when making use of XSM. Configurations without XSM or with a dummy module are not affected. MITIGATION ========== Running without XSM (which is the default) will avoid this vulnerability, albeit doing so will likely lower overall security of systems that would otherwise have XSM enabled. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa47-4.1.patch Xen 4.1.x xsa47-4.2-unstable.patch Xen 4.2.x and xen-unstable $ sha256sum xsa47*.patch e49a03e0693de07ec1418eb16191854458e72088febd6948ea5bc1f900a1853a xsa47-4.1.patch c29b59492f9d7e3f74bfc41877a2c5cff70436d3738fd91066f396f969aab0a7 xsa47-4.2-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRXb5fAAoJEIP+FMlX6CvZ0RwH/AtcVQFvERB+16wSjN3GTguk LnakHD3NCVeaDNbkF0G4b4ibR5oOCAGO/9CQwcB1QKj67mvYJm2kglDnGWUmZUQC TKWZR5vA9D9YAQvll8mSwd3OdLBoN0IGYPp9AIVUi9zl34zF+ZzbtsC57dvmjQD6 /E0tMDgOoCsA8ARnuknjbgk+CbfsGi/dbxYGDla4/wMC9wbUhG1wcA9lqNa37azT 1lRIj8qI3TfWC4aMh1kZKPsljrHZLkfA2VxgkrTCjr7u2Usr7vgUsNT4F0rYouRI h5mo1JszJOnM2EHuzVbQrvBmaXlPIFF/S5cRvD6RIavEsOUet5au49Hnhb/ENG4= =/g6f -----END PGP SIGNATURE----- Download attachment "xsa47-4.1.patch" of type "application/octet-stream" (860 bytes) Download attachment "xsa47-4.2-unstable.patch" of type "application/octet-stream" (865 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.