Xen.org security team
2012-Jul-27 14:39 UTC
Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3432 / XSA-10 version 2 HVM guest user mode MMIO emulation DoS vulnerability UPDATES IN VERSION 2 =================== CVE candidate number assigned. Xen versions 3.2 and earlier are not, in fact, vulnerable; they have an entirely different emulation mechanism. ISSUE DESCRIPTION ================ Internal data of the emulator for MMIO operations may, under certain rare conditions, at the end of one emulation cycle be left in a state affecting a subsequent emulation such that this second emulation would fail, causing an exception to be reported to the guest kernel where none is expected. IMPACT ===== Guest mode unprivileged (user) code, which has been granted the privilege to access MMIO regions, may leverage that access to crash the whole guest. VULNERABLE SYSTEMS ================= All HVM guests exposing MMIO ranges to unprivileged (user) mode. Xen versions 3.3 and later are vulnerable to this issue. MITIGATION ========= This issue can be mitigated by running PV (para-virtualised) guests only, or by ensuring (inside the guest) that MMIO regions can be accessed only by trustworthy processes. RESOLUTION ========= Applying the appropriate attached patch will resolve the issue. PATCH INFORMATION ================ The attached patches resolve this issue $ sha256sum xsa10-*.patch f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912 xsa10-4.x.patch fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd xsa10-unstable.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQEqbqAAoJEIP+FMlX6CvZEhIIALkIViTZtEbQ6nWy3Y1U/sm5 BDZUPOeqF5KFV9EXQJcoKM1PGBMBgzeqA4n024k6o9mDimn0PVujSJC+2iX728Sz WW/k5y96q2ixzTmaU0y8X5p6pl+nbCNMQ8In7WysB2XetGHY+b5b80uIVH1Sj1IS QxrMO2HywQSUDNNQq3bD2jQjuIgewh7rMskxXiPWnlPg7MHx4D/jt/O4sP0bnZn2 kvFad8TV9aB3I1dwdI2YJ3Ng3W162Tai6i2lJB1OQUJt0sIARXeXZYVOrkkAY5Tv SjNCCra0NZoaLjOlY0CWwqluPegJAnq1iFb5cF86nwZcoMCIh9OL+0SLyIJEAvg=sOWo -----END PGP SIGNATURE----- _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users