[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen Security Advisory 73 (CVE-2013-4494) - Lock order reversal between page allocation and grant table locks



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

              Xen Security Advisory CVE-2013-4494 / XSA-73
                              version 3

    Lock order reversal between page allocation and grant table locks

UPDATES IN VERSION 3
====================

The issue has been assigned CVE-2013-4494.

NOTE REGARDING LACK OF EMBARGO
==============================

While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.

ISSUE DESCRIPTION
=================

The locks page_alloc_lock and grant_table.lock are not always taken in
the same order.  This opens the possibility of deadlock.

IMPACT
======

A malicious guest administrator can deny service to the entire host.

VULNERABLE SYSTEMS
==================

Xen versions going back to at least Xen 3.2 are vulnerable.

To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.

MITIGATION
==========

There is no practical mitigation for this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa73-4.3-unstable.patch    Xen 4.3.x, xen-unstable
xsa73-4.2.patch             Xen 4.2.x
xsa73-4.1.patch             Xen 4.1.x

$ sha256sum xsa73*.patch
519eb1d2815c41d73c775324f43d1a7d75615775194bd0f6584147b45d04250b  
xsa73-4.1.patch
9eab1db170dc13bdd4da76bc2184399f705d124acd14b364428f012ea5c3a281  
xsa73-4.2.patch
1c070e66d1bea3c109f22ea4db2e8828f0f4b016d51d6d88667b775eec340514  
xsa73-4.3-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSd53SAAoJEIP+FMlX6CvZAMgH/1JgLDhHB5A7w0iVJbHSv4ff
9oxmch/DfMFj1A+Cuhq5YU25I19ocSiqiEU4n7IuADCH4UCetH6UMXqRQ7qj/HPq
RZTGxmPkBNkIVkZd9IqRZEoWy4ENDhdDOa8ViNLqXCTCra0swfeTAav+BtTanpFQ
jca18Ry0o4qo9A/ZNZniAgMV1OXxZkETRm6jVc7tCNzx0daPyAo4xesUDLNJ/EcW
yYv7pIRY1Ct7X5CD3carkRBm0k3PmZ0IClZf5aBWKV8PE95oOk/m8HBIPFGvBp7o
cPBHt7Nra2pWDG76Vtzg0QZuV9XPwaRtPk4U4w9s9K4BpRwDza8mXCBgaRLX9aU=
=RphO
-----END PGP SIGNATURE-----

Attachment: xsa73-4.1.patch
Description: Binary data

Attachment: xsa73-4.2.patch
Description: Binary data

Attachment: xsa73-4.3-unstable.patch
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.