Xen.org security team
2013-Jan-16 14:50 UTC
Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2013-0190 / XSA-40
Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.
ISSUE DESCRIPTION
================
xen_failsafe_callback incorrectly sets up its stack if an iret fault is
injected by the hypervisor.
IMPACT
=====
Malicious or buggy unprivileged userspace can cause the guest kernel to
crash, or operate erroneously.
VULNERABLE SYSTEMS
=================
All 32bit PVOPS versions of Linux are affected, since the introduction
of Xen PVOPS support in 2.6.23. Classic-Xen kernels are not vulnerable.
MITIGATION
=========
This can be mitigated by not running 32bit PVOPS Linux guests.
32bit classic-Xen guests, all 64bit PV guests and all HVM guests are
unaffected.
RESOLUTION
=========
Applying the appropriate attached patch resolves this issue.
xsa40.patch
$ sha256sum xsa40*.patch
b6aa67b4605f6088f757ca28093d265c71e456906619d81d129bf656944ed721 xsa40.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQ9r4HAAoJEIP+FMlX6CvZhIMIAKa3l8CMZ4Di0gyp1cVi95es
0Pzq8qV5Qwla+NZEuz1O91UAxzwke8mrVsKK9PQCUVqdrmKbIrWjGX3b/KNIoa3d
hCGBd1wkTld7XmQxNfr+0BcfybqM92dww623rhv6G2jPaehOMVGWl28vomwkMU9E
iT/z2dqYJuAkcq6hobJ02tyfABl5sWNDE+HvI6EFxTptzeUGQtaPm9q6qbdbw1pT
InAae/VU7u+qAZTr0MY8kncFiK3206LvJX2Wq6YBI6LCFw4eaOvTFfJiAvFojqQb
nl5PT2KXH3IbiZEAiSOENBRiudkzxY0OfGyTnyuwsZuJa7SaI47pN1Sp5YtRPf0=9uNq
-----END PGP SIGNATURE-----
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel