Andres Lagar-Cavilla
2012-Aug-09 16:30 UTC
Re: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)
I realize Gridcentric is neither a service provider, nor a "big vendor", and therefore not on the pre-disclosure list.

However, this is a bug on which we have first-hand knowledge and ability to immediately mitigate. In fact, I wrote equivalent code for 4.2/unstable months ago.

I ignored the xen-devel discussion on pre-disclosure list (my bad), but understand now that there may be some use to Gridcentric being in that list.

Thanks
Andres

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>             Xen Security Advisory CVE-2012-3433 / XSA-11
>                               version 3
>
>       HVM guest destroy p2m teardown host DoS vulnerability
>
> UPDATES IN VERSION 3
> ====================
>
> Embargo ended Thursday 2012-08-09 12:00:00 UTC.
>
> ISSUE DESCRIPTION
> =================
>
> An HVM guest is able to manipulate its physical address space such
> that tearing down the guest takes an extended period of time
> searching for shared pages.
>
> This causes the domain 0 VCPU which tears down the domain to be
> blocked in the destroy hypercall. This causes that domain 0 VCPU to
> become unavailable and may cause the domain 0 kernel to panic.
>
> There is no requirement for memory sharing to be in use.
>
> IMPACT
> ======
>
> A guest kernel can cause the host to become unresponsive for a period
> of time, potentially leading to a DoS.
>
> VULNERABLE SYSTEMS
> ==================
>
> All systems running HVM guests with untrusted guest kernels.
>
> This vulnerability affects only Xen 4.0 and 4.1. Xen 3.4 and earlier
> and xen-unstable are not vulnerable.
>
> MITIGATION
> ==========
>
> This issue can be mitigated by running PV (para-virtualised) guests
> only, or by ensuring (inside the guest) that the kernel is
> trustworthy.
>
> RESOLUTION
> ==========
>
> Applying the appropriate attached patch will resolve the issue.
>
> NOTE REGARDING CVE
> ==================
>
> We do not yet have a CVE Candidate number for this vulnerability.
>
> PATCH INFORMATION
> =================
>
> The attached patches resolve this issue
>
> Xen 4.1, 4.1.x         xsa11-4.1.patch
> Xen 4.0, 4.0.x         xsa11-4.0.patch
>
> $ sha256sum xsa11-*.patch
> c8ab767d831b20a1b22c69a28127303c89cf0379cbf6f1ba3acfda6240aa2a89  xsa11-4.0.patch
> 61c6424023a26a8b4ea591d0bff6969908091a1a1e1304567d0d910908f21e8d  xsa11-4.1.patch
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEcBAEBAgAGBQJQI8/0AAoJEIP+FMlX6CvZ+fIH/R8w3J9KUiLiIai/QaA4xOjp
> rkvdR40b0GzcllDQEy9bUCvRY3QPz7DRza90vLvxCL9R5OnbkRtGJxdmbxjwmoVX
> zF03FLaFCd5ypFsTGAcxaUcxtOrt6Ut6R0i8GZp5BCkOV+UkNvu/uaOxL6N3UZ3w
> HfCm88EAWsWeJuShiG5jY3BhgCeR7b3GV9uXP0vG5Pa7cwPGvMnx/E6OsC/zEMG2
> 7yTX0/AI4qKMT9XtiA024vloN1mMlRgN74ZIBqmPuDv5ggv1wLFseARWueYMBn8Y
> aUDi97nJf+YWXIx+YwAmD0XLmJ/5tTAYvaV3B4vjMrfFc/plMKDvOqohVB+hv08
> =l4LY
> -----END PGP SIGNATURE-----
George Dunlap
2012-Aug-09 16:40 UTC
Re: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)
On Thu, Aug 9, 2012 at 5:30 PM, Andres Lagar-Cavilla <andres@lagarcavilla.org> wrote:
> I realize Gridcentric is neither a service provider, nor a "big vendor",
> and therefore not on the pre-disclosure list.
>
> However, this is a bug on which we have first-hand knowledge and ability
> to immediately mitigate. In fact, I wrote equivalent code for 4.2/unstable
> months ago.

I don't quite understand -- are you saying you could have helped craft a fix? Or are you saying that you would like to be on the list for your customers' sake?

> I ignored the xen-devel discussion on pre-disclosure list (my bad), but
> understand now that there may be some use to Gridcentric being in that
> list.

The discussion has not concluded yet; you can even still express your voice in the "poll" here:

http://xen.org/polls/xen_dev_2012_security_process.html

It would probably be good to take a look at the discussion before answering; at least my recent posts describing the various options and the criteria to judge them by. :-)

Peace,
-George
Andres Lagar-Cavilla
2012-Aug-09 16:44 UTC
Re: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)
> On Thu, Aug 9, 2012 at 5:30 PM, Andres Lagar-Cavilla
> <andres@lagarcavilla.org> wrote:
>> I realize Gridcentric is neither a service provider, nor a "big vendor",
>> and therefore not on the pre-disclosure list.
>>
>> However, this is a bug on which we have first-hand knowledge and ability
>> to immediately mitigate. In fact, I wrote equivalent code for
>> 4.2/unstable
>> months ago.
>
> I don't quite understand -- are you saying you could have helped craft
> a fix? Or are you saying that you would like to be on the list for
> your customers' sake?

The former primarily. But ultimately both.

>
>> I ignored the xen-devel discussion on pre-disclosure list (my bad), but
>> understand now that there may be some use to Gridcentric being in that
>> list.
>
> The discussion has not concluded yet; you can even still express your
> voice in the "poll" here:
>
> http://xen.org/polls/xen_dev_2012_security_process.html
>
> It would probably be good to take a look at the discussion before
> answering; at least my recent posts describing the various options and
> the criteria to judge them by. :-)

Yes, that will take some serious grokking cycles. Thanks for the link.

Andres

>
> Peace,
> -George
>
Tim Deegan
2012-Aug-09 17:15 UTC
Re: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)
At 09:30 -0700 on 09 Aug (1344504612), Andres Lagar-Cavilla wrote:
> I realize Gridcentric is neither a service provider, nor a "big vendor",
> and therefore not on the pre-disclosure list.
>
> However, this is a bug on which we have first-hand knowledge and ability
> to immediately mitigate. In fact, I wrote equivalent code for 4.2/unstable
> months ago.

For which, thank you -- your patch, and the description of it at the time, made drafting this response much easier!

> I ignored the xen-devel discussion on pre-disclosure list (my bad), but
> understand now that there may be some use to Gridcentric being in that
> list.

If you mean helping draft a fix, being on the pre-disclosure list wouldn't have made a difference (unless you see a problem with the published fix), as that was all done before pre-disclosure.

As to whether GridCentric ought to be on the pre-disclosure list as a downstream vendor, now is definitely the time to speak up in the discussion of what the new policy should be.

Cheers,

Tim.