[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability




On 05/09/12 10:49, Jonathan Tripathy wrote:
> Is Xen 3.4.x vulnerable?
>
> Thanks


Yes - Vulnerable (tested and fixed) all the way back as far as Xen-3.2 (which is the earliest version that XenServer still creates security fixes for)

~Andrew

>
> On 05.09.2012 10:38, Xen.org security team wrote:
> Xen Security Advisory CVE-2012-3494 / XSA-12
> version 3
>
> hypercall set_debugreg vulnerability
>
> UPDATES IN VERSION 3
> ====================
>
> Public release.
>
> ISSUE DESCRIPTION
> =================
>
> set_debugreg allows writes to reserved bits of the DR7 debug control
> register on x86-64.
>
> IMPACT
> ======
>
> A malicious guest can cause the host to crash, leading to a DoS.
>
> If the vulnerable hypervisor is run on future hardware, the impact of
> the vulnerability might be widened depending on the future assignment
> of the currently-reserved debug register bits.
>
> VULNERABLE SYSTEMS
> ==================
>
> All systems running 64-bit paravirtualised guests.
>
> The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2
> RCs, and xen-unstable.hg are all vulnerable.
>
> MITIGATION
> ==========
>
> This issue can be mitigated by ensuring (inside the guest) that the
> kernel is trustworthy, or by running only 32-bit or HVM guests.
>
> RESOLUTION
> ==========
>
> Applying the appropriate attached patch will resolve the issue.
>
> PATCH INFORMATION
> =================
>
> The attached patch resolves this issue:
>
> Xen unstable, 4.1 and 4.0 xsa12-all.patch
>
> $ sha256sum xsa12-all.patch
> 2415ee133e28b1c848c5ae3ce766cc2a67009bad8d026879030a6511b85dbc13
> xsa12-all.patch
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel


--
Andrew Cooper - Dom0 Kernel Engineer, Citrix XenServer
T: +44 (0)1223 225 900, http://www.citrix.com

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.