Xen.org security team
2012-Dec-03 17:51 UTC
Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-5510 / XSA-26
version 3
Grant table version switch list corruption vulnerability
UPDATES IN VERSION 3
===================
Public release.
ISSUE DESCRIPTION
================
Downgrading the grant table version of a guest involves freeing its
status pages. This freeing was incomplete - the page(s) are freed back
to the allocator, but not removed from the domain''s tracking
list. This would cause list corruption, eventually leading to a
hypervisor crash.
IMPACT
=====
A malicious guest administrator can cause Xen to crash, leading to a
denial of service attack.
VULNERABLE SYSTEMS
=================
All Xen version from 4.0 on are vulnerable.
Version 3.4 and earlier are not vulnerable.
MITIGATION
=========
Running only guests with trusted kernels will avoid this vulnerability.
RESOLUTION
=========
Applying the appropriate attached patch resolves this issue.
xsa26-4.1.patch Xen 4.1.x
xsa26-4.2.patch Xen 4.2.x
xsa26-unstable.patch xen-unstable
$ sha256sum xsa26*.patch
b4674ddaf9a9786d5e7e5e4f248f6095e118184df581036e0531b5db5e1d645b
xsa26-4.1.patch
a6e2ed7bae3e62d4294fdb48e8a5418b1de8e0e690f4fea4bb430d2b7cf758e6
xsa26-4.2.patch
ac2d5a82f0dba0f4213607a0e3bb9be586d90173bbadc4b402c2f19fbe4b2cf3
xsa26-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQvOJ1AAoJEIP+FMlX6CvZBHIH/jI42gGLsThzGlgkFg2aqE74
EUKIPZE4DLQNl6oTQ/fp0dfJgsQ8XHldovl4EphWK+oO0osloE2HjAY5mesOraui
IIQHRkbosbDshDcSqFDndl+xjAEk1ohlGMMpSdUImIHdFF8ZJneXdK11cqxMtCKR
27ych3lDViqy0OqxFGRZpsBE0hHqU7aiL8Orr+tI4sANnd/qVfZcdqizoTRuAJX3
KOmaq+8VwoRSeppAvVgcnGkDLyCd5udRLNEenjrFo1YkC01bVIdbD59/ZwEIC6eZ
iR7bvppV1nuq9WnbCkx+FVkNc9AuGwUZMOdePH2PwLYqIZGMBi9uqUD3Y0HHMoo=OtT0
-----END PGP SIGNATURE-----
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users