Xen.org security team
2013-Apr-18 15:16 UTC
Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2013-1964 / XSA-50
grant table hypercall acquire/release imbalance
ISSUE DESCRIPTION
================
When releasing a non-v1 non-transitive grant after doing a grant copy
operation, Xen incorrectly recurses (as if for a transitive grant) and
releases an unrelated grant reference.
IMPACT
=====
A malicious guest administrator can cause undefined behaviour;
depending on the dom0 kernel a host crash is possible, but information
leakage or privilege escalation cannot be ruled out.
VULNERABLE SYSTEMS
=================
Xen 4.0 and 4.1 are vulnerable. Any kind of guest can trigger the
vulnerability.
Xen 4.2 and xen-unstable, as well as Xen 3.x and earlier, are not
vulnerable.
MITIGATION
=========
Using only trustworthy guest kernels will avoid the vulnerability.
Using a debug build of Xen will eliminate the possible information
leak or privilege violation; instead, if the vulnerability is
attacked, Xen will crash.
NOTE REGARDING EMBARGO
=====================
A crash resulting from this bug has been reported by a user on the
public xen-devel mailing list. There is therefore no embargo.
RESOLUTION
=========
Applying the attached patch resolves this issue.
xsa50-4.1.patch
$ sha256sum xsa50-*.patch
29f76073311a372dd30dd4788447850465d2575d5ff7b2c10912a69e4941fb21
xsa50-4.1.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRcA4pAAoJEIP+FMlX6CvZHhsIAK2RYhWr4CQ2ziTh3o1cbkXe
HfDcWHjLTe1+zoULCKbptUHcoH6/oPxwZBklAfNSECFT47a4FKZu/ARCP1IBtot2
o6cuTTlYgLMMpSfVW//aDJQ59YivhcwN5omLEp4G8N/YHw0IA1W58/IpNKXVbNNy
pmMEqus/QUH8EzGaxLfwIfSrJR96x96QKOlG94lohY5P5aipx/5vXzUPyRFXLbOZ
jr8Ve+woNuYAeBx3zue7TNfhePVuDUl8b7ufhsuYdwkODzEXCNLcJM93Z3eaKfPp
CVDBE38GUO9hr5CpBh5QgGeCCeMhxwI8jXTXUb6N8KFrwgbq04HP7BOmVI4O8Xs=jiz6
-----END PGP SIGNATURE-----
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users