Xen.org security team
2012-Dec-03 17:51 UTC
Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-5515 / XSA-31
version 3
Several memory hypercall operations allow invalid extent order values
UPDATES IN VERSION 3
===================
Public release.
ISSUE DESCRIPTION
================
Allowing arbitrary extent_order input values for XENMEM_decrease_reservation,
XENMEM_populate_physmap, and XENMEM_exchange can cause arbitrarily long time
being spent in loops without allowing vital other code to get a chance to
execute. This may also cause inconsistent state resulting at the completion
of these hypercalls.
IMPACT
=====
A malicious guest administrator can cause Xen to hang.
VULNERABLE SYSTEMS
=================
All Xen versions are vulnerable. However, older versions (not supporting
Populate-on-Demand, i.e. before 3.4) may only be theoretically affected.
MITIGATION
=========
Running only trusted guest kernels will avoid this vulnerability.
RESOLUTION
=========
Applying the appropriate attached patch resolves this issue.
xsa31-4.1.patch Xen 4.1.x
xsa31-4.2-unstable.patch Xen 4.2.x, xen-unstable
$ sha256sum xsa31*.patch
8e4bb43999d1a72d7f1b6ad3e66d0c173ca711c8145c5804b025eaa63d2c1691
xsa31-4.1.patch
090d0cca3eddaee798e5f06a8d5f469d47f874c657abcd6028248d949d36da81
xsa31-4.2-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQvOJ4AAoJEIP+FMlX6CvZhCgIAIAkB8EpoFU0vwCW26toELFh
3odZ8kji4hBoIaR6vOj4BIrSuTxC+0TZl3JGSwxQ+zo2k15njNqPZM/8m5kztLzZ
K79GXhSRb6zo96EmAhxX6wU4qpBdDH7htdAsO74ApHdfw3hw9yXY2h+OkwiYTO6J
K0TegvNYoJ+9NJ4ePTgZpHp4B1H4ymtvw84uzNBJQ6ePR95lV4aOq7h1loIvMPzB
Mcxy+3LTAZasK7yYZLClyHXR46pN41qbMawKYNMp70+fQvyP58P6cExwZ4ODrbHf
dfgEg2yNeI4YXzOx2vbRSDRDAzf4lhGHq9fXhUpNF/denRJJCC9r/E0+nWTzWog=CUvM
-----END PGP SIGNATURE-----
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users