|
Message-Id: <E1U2iMi-0008AG-9I@xenbits.xen.org> Date: Tue, 05 Feb 2013 13:15:12 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0216,CVE-2013-0217 / XSA-39 version 2 Linux netback DoS via malicious guest ring. UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an error path which is guest triggerable. IMPACT ====== A malicious guest can mount a DoS affecting the entire system. VULNERABLE SYSTEMS ================== All systems running guests with access to PV network devices are vulnerable. CVE-2013-0216 affects both mainline ("pvops") and classic-Xen patch kernels. CVE-2013-0217 affects only mainline ("pvops") kernels. MITIGATION ========== Running HVM guests with only emulated or passthrough NICs or PV guests with only passthrough NICs will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patches in sequence resolves this issue. xsa39-pvops-*.patch Apply to mainline Linux 3.8-rc2 xsa39-classic-*.patch Apply to linux-2.6.18-xen tree. All patches for the given branch should be applied in numerical order. $ sha256sum xsa39*.patch 4b75961673b940f5eb31451080dd668b9119eb88db1df44db1a3ba4b0d037ce1 xsa39-classic-0001-xen-netback-garbage-ring.patch 096143750b99eb2d88970338c3f9debfbbfdaef766525a620281b28528ebe0ce xsa39-classic-0002-xen-netback-wrap-around.patch 99cf93e37985908243b974cc726f57e592e62ae005eca52969f11fb6fdea6fb5 xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch e0c4226b0910ca455f22ae117e8346d87053e9faf03ec155dd6c31e2f58a1969 xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch 70e6cb644a57cdda7f29eb86086a8e697706c3fc974a44c52322e451fd6b9d5c xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch 5d0db59bbd5ad3a7efae78a6c26fc2491b7c553e5519dd946d1422a116af73dd xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJREQI5AAoJEIP+FMlX6CvZLbcIAL7gpD+EzDjb+g3ZlORl1jPV +icqyDoPWeWructbggY+YcJJc2IavNrRXBSN/9edSTUXSi7YTW+Tjeh8bcLza1JM McWKxPtJB8CKEIAjAeT8qMVaNUNQuJQTtTLtXHGuQE6xwxK8YmgLzQSx91OOp9Bx 49GK1Ptnp7bQoEoc7B3oN6GXr/hs/FvaD0Cr481yUxXX1GxV+AL7sxXiJ4kXu1rE UTSLFAzUfw1KWI5wP3GQCREhysCvgIq4mZyD5+TF8MUagpg+m1aURs2AUUxrJ/Zw o+LVEKWYRsTtWIRtwYOdPHn73bllyPOrBgimTDBM9rY9CztOnN8yoPRlUz0Sux0= =UhBt -----END PGP SIGNATURE----- Download attachment "xsa39-classic-0001-xen-netback-garbage-ring.patch" of type "application/octet-stream" (7936 bytes) Download attachment "xsa39-classic-0002-xen-netback-wrap-around.patch" of type "application/octet-stream" (464 bytes) Download attachment "xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch" of type "application/octet-stream" (8321 bytes) Download attachment "xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch" of type "application/octet-stream" (5021 bytes) Download attachment "xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch" of type "application/octet-stream" (1467 bytes) Download attachment "xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch" of type "application/octet-stream" (868 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.