Xen project Mailing List

Re: [Xen-devel] [oss-security] Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS

From: Kurt Seifried <kseifried@xxxxxxxxxx>

Date: Fri, 27 Jul 2012 02:10:04 -0600

Cc: xen-announce@xxxxxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx, "Xen.org security team" <security@xxxxxxx>

Delivery-date: Fri, 27 Jul 2012 11:10:32 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Openpgp: id=5E267993

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/26/2012 09:30 AM, Xen.org security team wrote: > > Xen Security Advisory XSA-10 > > HVM guest user mode MMIO emulation DoS vulnerability > > ISSUE DESCRIPTION ================= > > Internal data of the emulator for MMIO operations may, under > certain rare conditions, at the end of one emulation cycle be left > in a state affecting a subsequent emulation such that this second > emulation would fail, causing an exception to be reported to the > guest kernel where none is expected. > > IMPACT ====== > > Guest mode unprivileged (user) code, which has been granted the > privilege to access MMIO regions, may leverage that access to crash > the whole guest. > > VULNERABLE SYSTEMS ================== > > All HVM guests exposing MMIO ranges to unprivileged (user) mode. > > All versions of Xen which support HVM guests are vulnerable to this > issue. > > MITIGATION ========== > > This issue can be mitigated by running PV (para-virtualised) guests > only, or by ensuring (inside the guest) that MMIO regions can be > accessed only by trustworthy processes. > > RESOLUTION ========== > > Applying the appropriate attached patch will resolve the issue. > > NOTE REGARDING CVE ================== > > We do not yet have a CVE Candidate number for this vulnerability. > > PATCH INFORMATION ================= > > The attached patches resolve this issue > > $ sha256sum xsa10-*.patch > f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912 > xsa10-4.x.patch > fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd > xsa10-unstable.patch Please use CVE-2012-3432 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQEkzcAAoJEBYNRVNeJnmTBi8QANKeCCOiniLKp5+1LvYXr3rE uV9UijoVTBu6WNtB2L9NXRrenHBvGv38+tmVVg7pCqHkU9nrzhmg4zc8qZY8LJ/V /ZnYuVoWZ/hG+KNi8/NQIiDAiDu4Ip9NnMSW9SdYPVEFSQN4JCQufYOxjCGNzOj1 QidDoyb7i63UAFXj4nvdFmJKVYSvegI+H46vGVkQabBdZ2LXuCHYCw54ZZ0nFqKj LU3t/468DmBn1Gk2EUdufV/NWxWpD33pjwTkMFbYH/C5cSHUMx6UUkD48EWu0YAs MxjigqXHKiXEPsoyfULppRTaxE969MsWDhrjrptymZjasmcXl+v/opmVYT9DJ1gF pAHU0o862p1gcdhBuk/n2DB8HFSk5MJbytDz0KzxgEDrqhFO4AIeAVq6//wXPnym nxNTY/6MQazc+S+coiNvBAtr1sT6CWgHsd0DLLQh/PQZ1DVDKRfufd9LfI7PdPFH gjHp81MArk39vFM5vT01Ac0aG4pj8kTwpTHwt84VL05hj6R/GcB56/526fmmgnan 6KlwufXZkZjP6lteIeidK9NVOhRId5VEL0EguQAc5z8cavl6oD1P+AaECZct+h5r jMHxeQSf0ggQL6zRGBOU6Dlt2+Cg4FjRpWO8iGe0PlZb+XTFUsPk8/OWEKHa2Rlp tXhMnEfhzvKZLMg53D+S =qRMf -----END PGP SIGNATURE----- _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.