Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 01 Nov 2013 15:25:45 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 73 - Lock order reversal between page
 allocation and grant table locks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    Xen Security Advisory XSA-73
                              version 2

    Lock order reversal between page allocation and grant table locks

UPDATES IN VERSION 2
====================

Corrected typo in xsa73-4.1.patch. The other patches were already
correct.

NOTE REGARDING LACK OF EMBARGO
==============================

While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.

ISSUE DESCRIPTION
=================

The locks page_alloc_lock and grant_table.lock are not always taken in
the same order.  This opens the possibility of deadlock.

IMPACT
======

A malicious guest administrator can deny service to the entire host.

VULNERABLE SYSTEMS
==================

Xen versions going back to at least Xen 3.2 are vulnerable.

To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.

MITIGATION
==========

There is no practical mitigation for this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa73-4.3-unstable.patch    Xen 4.3.x, xen-unstable
xsa73-4.2.patch             Xen 4.2.x
xsa73-4.1.patch             Xen 4.1.x

$ sha256sum xsa73*.patch
c9284e2c12b1c4f8c63d11b8802b4f408e6623f857f120b04e47840f433e4823  xsa73-4.1.patch
10b809c39582a7f29150f0635b78bc2ce40df0bded963b78f42db3e21775da8c  xsa73-4.2.patch
48411cd6b15e4e4fa3c4335298179a4b1094c5e1ae8dc7582bbfb9439d97037b  xsa73-4.3-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSc8fSAAoJEIP+FMlX6CvZeRUH/Rn+MT2Xj1zteuIs89cLZOBc
5ieh44Nqulyn/kQU+j7tzmq0urzt5w0VEiL7CWDxXe6KktzKZDnZTkXDSXr13sxU
pIM682cpaSsGvDFDSKdc6x03cNQ3P+FSrz/uWEWmCFjOuqRT839RkY3NbkC6mhaH
O9JUW+uojphJ3TJDfmvl9xsN4W6A3H8SvJp71c6LNGMTUXfAsOahNnrlJev+s8Pu
OruXzqVFzOpU1BbWYAakhSgUg/5+FTCcR+ZUN4AgMHgetnXIbR0qGtvWGEP9kTVt
wOK/mgAA7T4yHyTySmmVHc/BN422e0xv045Zr25AI2WrteLnpo4gj5GJBuAilEU=
=RHfD
-----END PGP SIGNATURE-----

Download attachment "xsa73-4.1.patch" of type "application/octet-stream" (3726 bytes)

Download attachment "xsa73-4.2.patch" of type "application/octet-stream" (3756 bytes)

Download attachment "xsa73-4.3-unstable.patch" of type "application/octet-stream" (3707 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.