Xen.org security team
2013-Feb-05 13:15 UTC
Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2013-0231 / XSA-43
                              version 2

        Linux pciback DoS via not rate limited log messages.

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

Xen's PCI backend drivers in Linux allow a guest with assigned PCI
device(s) to cause a DoS through a flood of kernel messages, potentially
affecting other domains in the system.

IMPACT
======

A malicious guest can mount a DoS affecting the entire system.

VULNERABLE SYSTEMS
==================

All systems running guests with access to passed through PCI devices are
vulnerable. Both mainline ("pvops") and classic-Xen patch kernels are
affected.

MITIGATION
==========

This issue can be avoided by not assigning PCI devices to untrusted
guests.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa43-pvops.patch     Apply to mainline Linux 3.8-rc5.
xsa43-classic.patch   Apply to linux-2.6.18-xen tree.

$ sha256sum xsa43*.patch
4dec2d9b043bce2b8b54578573ba254fa7e6cbf4640cd100f40d8bf8a5a6a470  xsa43-classic.patch
6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8  xsa43-pvops.patch
$

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJREQI+AAoJEIP+FMlX6CvZkoEH/2sIEO+1qLiHTde/UJznrvr8
R8MDNC5tqXVLtbPjScoTItMHaPfz33lcypz9UFknHepdwZKhRrcuqy4E79lxeXDG
BybbbbfNfJPeUG44O1fkyJTJys0xRBnAGzWInZZwq+gWRaJv+JNhzinFujvLNDJV
4m2ObnSwT1mx/9CjRxWGakKDhPcZSGmWIicyN5tueNKdWbAjSqiR/J8N5W+QJiCm
+BzjzYpfUqn0vKOlARQIMshzqFjYVTnoHFZf/4Hl7ogIibxfGGo5t05pzBoAlIgj
nTizW2Bxs9XM1NaFsZ2ESg8KVDTFSHS+jsMtdl0bWoHwRs6nNMQJJTjTPHXspCQ=
=5o5U
-----END PGP SIGNATURE-----

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
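The advisory's title names the missing control: an error path that an untrusted guest can trigger at will must not log unconditionally. The following is an added illustration, written for this page; it is not the attached xsa43 patch and not code from the Linux or Xen trees. It models the interval/burst scheme of the Linux kernel's ratelimit_state (the same idea behind the kernel's printk_ratelimited() and dev_warn_ratelimited() helpers; whether the attached patches use exactly those helpers is not stated on this page), then drives a constructed flood of guest-triggered errors through an unlimited and a rate-limited logging path and counts the log lines each produces. The interval, burst and flood sizes are constructed values, and time is passed in explicitly so the run is deterministic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration of log-message rate limiting, modelled on the
 * interval/burst accounting of the Linux kernel's ratelimit_state.
 * Example code only: not the XSA-43 patch and not pciback code.
 * Timestamps are supplied by the caller in milliseconds so that the
 * behaviour is deterministic and testable without a clock.
 */
struct ratelimit {
    uint64_t interval_ms;   /* length of one accounting window */
    unsigned burst;         /* messages permitted per window */
    uint64_t window_start;  /* timestamp at which the current window began */
    unsigned printed;       /* messages emitted in the current window */
    unsigned missed;        /* messages suppressed in the current window */
};

void ratelimit_init(struct ratelimit *rs, uint64_t interval_ms, unsigned burst)
{
    rs->interval_ms = interval_ms;
    rs->burst = burst;
    rs->window_start = 0;
    rs->printed = 0;
    rs->missed = 0;
}

/*
 * Decide whether a message may be emitted at time now_ms.  Once a full
 * window has elapsed, report how many messages were dropped (the kernel
 * prints a similar "callbacks suppressed" line) and open a fresh window.
 * Messages beyond the burst within a window are counted, not printed.
 */
bool ratelimit_allow(struct ratelimit *rs, uint64_t now_ms)
{
    if (now_ms - rs->window_start >= rs->interval_ms) {
        if (rs->missed)
            printf("ratelimit: %u messages suppressed\n", rs->missed);
        rs->window_start = now_ms;
        rs->printed = 0;
        rs->missed = 0;
    }
    if (rs->printed < rs->burst) {
        rs->printed++;
        return true;
    }
    rs->missed++;
    return false;
}

/*
 * Simulate an untrusted guest hitting a backend error path n times, spread
 * evenly over span_ms.  With limited == false every hit is logged, which is
 * the unbounded behaviour the advisory describes; with limited == true the
 * limiter gates each attempt.  Returns the number of log lines emitted.
 */
unsigned simulate_flood(struct ratelimit *rs, unsigned n, uint64_t span_ms, bool limited)
{
    unsigned emitted = 0;
    for (unsigned i = 0; i < n; i++) {
        uint64_t now_ms = n ? span_ms * i / n : 0;
        if (!limited || ratelimit_allow(rs, now_ms))
            emitted++;   /* a real driver would call pr_warn()/dev_warn() here */
    }
    return emitted;
}

/* Convenience wrapper: fresh limiter, one flood, return the line count. */
unsigned flood_demo(unsigned n, uint64_t span_ms, uint64_t interval_ms,
                    unsigned burst, bool limited)
{
    struct ratelimit rs;
    ratelimit_init(&rs, interval_ms, burst);
    return simulate_flood(&rs, n, span_ms, limited);
}

int main(void)
{
    /* Constructed scenario: 1000 guest-triggered errors in 10 seconds,
     * limiter allows 5 lines per 1-second window. */
    unsigned n = 1000;
    printf("unlimited: %u log lines for %u guest-triggered errors\n",
           flood_demo(n, 10000, 1000, 5, false), n);
    printf("limited:   %u log lines for %u guest-triggered errors\n",
           flood_demo(n, 10000, 1000, 5, true), n);
    return 0;
}
```

With the constructed parameters the unlimited path emits one line per guest action (1000), while the limited path emits 5 per window across 10 windows (50) and reports the dropped remainder once per window, which is the property that keeps a guest-controlled error path from consuming the host's console and log bandwidth.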
Jan Beulich
2013-Feb-22 14:17 UTC
Re: Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.
>>> On 05.02.13 at 14:15, Xen.org security team <security@xen.org> wrote:
> RESOLUTION
> =========
>
> Applying the appropriate attached patch resolves this issue.
>
> xsa43-pvops.patch Apply to mainline Linux 3.8-rc5.

I realized the other day that stable@ wasn't Cc-ed on this one either, and I think it would be more authoritative if you as the maintainer of the patched code asked for this being added there.

Thanks, Jan
Konrad Rzeszutek Wilk
2013-Feb-22 15:44 UTC
Re: Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.
On Fri, Feb 22, 2013 at 02:17:49PM +0000, Jan Beulich wrote:
> >>> On 05.02.13 at 14:15, Xen.org security team <security@xen.org> wrote:
> > RESOLUTION
> > =========
> >
> > Applying the appropriate attached patch resolves this issue.
> >
> > xsa43-pvops.patch Apply to mainline Linux 3.8-rc5.
>
> I realized the other day that stable@ wasn't Cc-ed on this one
> either, and I think it would be more authoritative if you as the
> maintainer of the patched code asked for this being added there.

Yikes. Let me do that.

>
> Thanks, Jan
>