Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20515.53519.833182.698887@mariner.uk.xensource.com>
Date: Thu, 9 Aug 2012 16:02:39 +0100
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org,
    xen-devel@...ts.xen.org,
    xen-users@...ts.xen.org,
    oss-security@...ts.openwall.com
Subject: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2012-3433 / XSA-11
                          version 3

	HVM guest destroy p2m teardown host DoS vulnerability

UPDATES IN VERSION 3
====================

Embargo ended Thursday 2012-08-09 12:00:00 UTC.

ISSUE DESCRIPTION
=================

An HVM guest is able to manipulate its physical address space such
that tearing down the guest takes an extended period amount of
time searching for shared pages.

This causes the domain 0 VCPU which tears down the domain to be
blocked in the destroy hypercall. This causes that domain 0 VCPU to
become unavailable and may cause the domain 0 kernel to panic.

There is no requirement for memory sharing to be in use.

IMPACT
======

A guest kernel can cause the host to become unresponsive for a period
of time, potentially leading to a DoS.

VULNERABLE SYSTEMS
==================

All systems running HVM guests with untrusted guest kernels.

This vulnerability effects only Xen 4.0 and 4.1. Xen 3.4 and earlier
and xen-unstable are not vulnerable.

MITIGATION
==========

This issue can be mitigated by running PV (para-virtualised) guests
only, or by ensuring (inside the guest) that the kernel is
trustworthy.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

NOTE REGARDING CVE
==================

We do not yet have a CVE Candidate number for this vulnerability.

PATCH INFORMATION
=================

The attached patches resolve this issue

 Xen 4.1, 4.1.x                              xsa11-4.1.patch
 Xen 4.0, 4.0.x                              xsa11-4.0.patch

$ sha256sum xsa11-*.patch
c8ab767d831b20a1b22c69a28127303c89cf0379cbf6f1ba3acfda6240aa2a89  xsa11-4.0.patch
61c6424023a26a8b4ea591d0bff6969908091a1a1e1304567d0d910908f21e8d  xsa11-4.1.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQI8/0AAoJEIP+FMlX6CvZ+fIH/R8w3J9KUiLiIai/QaA4xOjp
rkvdR40b0GzcllDQEy9bUCvRY3QPz7DRza90vLvxCL9R5OnbkRtGJxdmbxjwmoVX
zF03FLaFCd5ypFsTGAcxaUcxtOrt6Ut6R0i8GZp5BCkOV+UkNvu/uaOxL6N3UZ3w
HfCm88EAWsWeJuShiG5jY3BhgCeR7b3GV9uXP0vG5Pa7cwPGvMnx/E6OsC/zEMG2
7yTX0/AI4qKMT9XtiA024vloN1mMlRgN74ZIBqmPuDv5ggv1wLFseARWueYMBn8Y
aUDi97nJf+YWXIx+YwAmD0XLmJ/5tTAYvaV3B4vjMrfFc/plMKDvOqohVB+hv08=
=l4LY
-----END PGP SIGNATURE-----

View attachment "xsa11-4.0.patch" of type "text/plain" (1049 bytes)

View attachment "xsa11-4.1.patch" of type "text/plain" (1063 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.