[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-5515 / XSA-31 version 3 Several memory hypercall operations allow invalid extent order values UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Allowing arbitrary extent_order input values for XENMEM_decrease_reservation, XENMEM_populate_physmap, and XENMEM_exchange can cause arbitrarily long time being spent in loops without allowing vital other code to get a chance to execute. This may also cause inconsistent state resulting at the completion of these hypercalls. IMPACT ====== A malicious guest administrator can cause Xen to hang. VULNERABLE SYSTEMS ================== All Xen versions are vulnerable. However, older versions (not supporting Populate-on-Demand, i.e. before 3.4) may only be theoretically affected. MITIGATION ========== Running only trusted guest kernels will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa31-4.1.patch Xen 4.1.x xsa31-4.2-unstable.patch Xen 4.2.x, xen-unstable $ sha256sum xsa31*.patch 8e4bb43999d1a72d7f1b6ad3e66d0c173ca711c8145c5804b025eaa63d2c1691 xsa31-4.1.patch 090d0cca3eddaee798e5f06a8d5f469d47f874c657abcd6028248d949d36da81 xsa31-4.2-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQvOJ4AAoJEIP+FMlX6CvZhCgIAIAkB8EpoFU0vwCW26toELFh 3odZ8kji4hBoIaR6vOj4BIrSuTxC+0TZl3JGSwxQ+zo2k15njNqPZM/8m5kztLzZ K79GXhSRb6zo96EmAhxX6wU4qpBdDH7htdAsO74ApHdfw3hw9yXY2h+OkwiYTO6J K0TegvNYoJ+9NJ4ePTgZpHp4B1H4ymtvw84uzNBJQ6ePR95lV4aOq7h1loIvMPzB Mcxy+3LTAZasK7yYZLClyHXR46pN41qbMawKYNMp70+fQvyP58P6cExwZ4ODrbHf dfgEg2yNeI4YXzOx2vbRSDRDAzf4lhGHq9fXhUpNF/denRJJCC9r/E0+nWTzWog= =CUvM -----END PGP SIGNATURE----- Attachment:
xsa31-4.1.patch Attachment:
xsa31-4.2-unstable.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |