Re: [Xen-devel] Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)
I realize Gridcentric is neither a service provider, nor a "big vendor", and therefore not on the pre-disclosure list. However, this is a bug on which we have first-hand knowledge and ability to immediately mitigate. In fact, I wrote equivalent code for 4.2/unstable months ago.

I ignored the xen-devel discussion on pre-disclosure list (my bad), but understand now that there may be some use to Gridcentric being in that list.

Thanks
Andres

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Xen Security Advisory CVE-2012-3433 / XSA-11
> version 3
>
> HVM guest destroy p2m teardown host DoS vulnerability
>
> UPDATES IN VERSION 3
> ====================
>
> Embargo ended Thursday 2012-08-09 12:00:00 UTC.
>
> ISSUE DESCRIPTION
> =================
>
> An HVM guest is able to manipulate its physical address space such
> that tearing down the guest takes an extended period of
> time searching for shared pages.
>
> This causes the domain 0 VCPU which tears down the domain to be
> blocked in the destroy hypercall. This causes that domain 0 VCPU to
> become unavailable and may cause the domain 0 kernel to panic.
>
> There is no requirement for memory sharing to be in use.
>
> IMPACT
> ======
>
> A guest kernel can cause the host to become unresponsive for a period
> of time, potentially leading to a DoS.
>
> VULNERABLE SYSTEMS
> ==================
>
> All systems running HVM guests with untrusted guest kernels.
>
> This vulnerability affects only Xen 4.0 and 4.1. Xen 3.4 and earlier
> and xen-unstable are not vulnerable.
>
> MITIGATION
> ==========
>
> This issue can be mitigated by running PV (para-virtualised) guests
> only, or by ensuring (inside the guest) that the kernel is
> trustworthy.
>
> RESOLUTION
> ==========
>
> Applying the appropriate attached patch will resolve the issue.
>
> NOTE REGARDING CVE
> ==================
>
> We do not yet have a CVE Candidate number for this vulnerability.
>
> PATCH INFORMATION
> =================
>
> The attached patches resolve this issue
>
> Xen 4.1, 4.1.x xsa11-4.1.patch
> Xen 4.0, 4.0.x xsa11-4.0.patch
>
> $ sha256sum xsa11-*.patch
> c8ab767d831b20a1b22c69a28127303c89cf0379cbf6f1ba3acfda6240aa2a89  xsa11-4.0.patch
> 61c6424023a26a8b4ea591d0bff6969908091a1a1e1304567d0d910908f21e8d  xsa11-4.1.patch
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> -----END PGP SIGNATURE-----