Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1USp0i-0002mC-Gc@xenbits.xen.org>
Date: Thu, 18 Apr 2013 13:36:24 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 46 (CVE-2013-1919) - Several access
 permission issues with IRQs for unprivileged guests

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2013-1919 / XSA-46
                              version 3

     Several access permission issues with IRQs for unprivileged guests

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Various IRQ related access control operations may not have the
intended effect, thus potentially permitting a stub domain to grant
its client domain access to an IRQ it doesn't have access to itself.

IMPACT
======

Malicious or buggy stub domains kernels can mount a denial of service
attack possibly affecting the whole system.

VULNERABLE SYSTEMS
==================

Only Xen systems using stub domains are vulnerable.

Only guests with passed-through IRQs or PCI devices are able to
exploit the vulnerability.

It is remotely possible that PV guests with passthrough IRQs or
devices may also be able to exploit this vulnerability, although we
think this is unlikely.

MITIGATION
==========

Servicing HVM guests with passthrough IRQs or PCI devices in dom0 (ie,
not using a stub domain device model) should avoid this vulnerability.

Reconfiguring the system to disable IRQ/PCI passthrough and instead
providing the guests with appropriate paravirtualised facilities will
avoid this vulnerability.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa46-4.1.patch             Xen 4.1.x
xsa46-4.2.patch             Xen 4.2.x
xsa46-unstable.patch        xen-unstable

$ sha256sum xsa46*.patch
3b2ea317c1cf2ba428cc14946d030d38294747fef2beeb16eba30bcf3b1bc2cc  xsa46-4.1.patch
822da2303f1fc69648d7a29eb72fdda8e64baab3edc0e1548456d31e66ed1d7c  xsa46-4.2.patch
6987201720ef8af89a4682bddc33f639e1f87dc12f1ea7aee1f2e0481b1e909c  xsa46-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJRb/aXAAoJEIP+FMlX6CvZV94IAJPB3B2qnny5zhfOqp2yO17+
nMJ+Hk3EBuMWXJVF8apjxsgfrZa0paNSU0zyhQIFV0ObVU9B90tfJfb3L+L7+t8G
3Z9vPzE6aHZ32+OlMOIHWIvHZiiDZhM7siqayYqPphJbYW0l2jvogY9BO+00ALkr
ctoFPzMhweVf1EK5WMLC4py8Xa06qddaOKj0Jg+DuLQzlgCyeuAfFtg/UmKFUL2k
yDpIXTYt3/7uleR60VMEmRZWQqQN/j1jGS+XQyOzgIDaM1DRvCE+fUmmULCsd0Je
0m/4lHm6O69XZ/z3TZ4bKqlzr8KRM2YEEzKk9L3MpRgdVh1mRLAwrsW8gwGBbyc=
=rw/Y
-----END PGP SIGNATURE-----

Download attachment "xsa46-4.1.patch" of type "application/octet-stream" (8573 bytes)

Download attachment "xsa46-4.2.patch" of type "application/octet-stream" (9844 bytes)

Download attachment "xsa46-unstable.patch" of type "application/octet-stream" (9818 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.