Xen project Mailing List

[Xen-announce] Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability

To: "xen-announce@xxxxxxxxxxxxx" <xen-announce@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>, "oss-security@xxxxxxxxxxxxxxxxxx" <oss-security@xxxxxxxxxxxxxxxxxx>

From: Xen.org security team <security@xxxxxxx>

Date: Wed, 5 Sep 2012 05:38:44 -0400

Accept-language: en-US

Cc: "Xen.org security team" <security@xxxxxxx>

Delivery-date: Wed, 05 Sep 2012 10:07:18 +0000

List-id: "Xen announcements $low volume$" <xen-announce.lists.xen.org>

Resent-date: Wed, 5 Sep 2012 11:04:01 +0100

Resent-from: Xen.org security team <security@xxxxxxx>

Resent-message-id: <20551.9105.965458.184425@xxxxxxxxxxxxxxxxxxxxxxxx>

Resent-to: xen-announce@xxxxxxxxxxxxx

Thread-index: Ac2LSkqNOZy+VpGcQOWdEgcZjtLbvw==

Thread-topic: Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3494 / XSA-12 version 3 hypercall set_debugreg vulnerability UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= set_debugreg allows writes to reserved bits of the DR7 debug control register on x86-64. IMPACT ====== A malicious guest can cause the host to crash, leading to a DoS. If the vulnerable hypervisor is run on future hardware, the impact of the vulnerability might be widened depending on the future assignment of the currently-reserved debug register bits. VULNERABLE SYSTEMS ================== All systems running 64-bit paravirtualised guests. The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2 RCs, and xen-unstable.hg are all vulnerable. MITIGATION ========== This issue can be mitigated by ensuring (inside the guest) that the kernel is trustworthy, or by running only 32-bit or HVM guests. RESOLUTION ========== Applying the appropriate attached patch will resolve the issue. PATCH INFORMATION ================= The attached patch resolves this issue: Xen unstable, 4.1 and 4.0 xsa12-all.patch $ sha256sum xsa12-all.patch 2415ee133e28b1c848c5ae3ce766cc2a67009bad8d026879030a6511b85dbc13 xsa12-all.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQRx0+AAoJEIP+FMlX6CvZnMAH/0fcm9nfiChokydCyqXgdKtJ U2NqeqKzEP6emwLE+cvc+2EBP40fiBXsNATVdXc6Vx15eyzSMfJD3ndYF9OaKMVH MVP6KU/tyK1G/9WgQK9PHBj/Kzp8hwrY0Qw45od7z+R7XMGieLH9l1O1xwkNCYDw R8Xy2GI9IqsXLNpwy3BFYSyGYIX9o8/aBx4ZxHCV8H0OYUWv5hDGZZVXPDqGm11c N+qmUaPV2QlW8Aoww1SiwW5E+/CpyJT5+awEMgZ4IOHPbCBXJfyXbw4aMM2q5Soe mStqvPKL4H10SahaygdjxO+e4NqCHao0rYUXXpUr+aikIXvEearukp3FezR5IUE= =/LmZ -----END PGP SIGNATURE-----

Attachment: xsa12-all.patch
Description: xsa12-all.patch

_______________________________________________ Xen-announce mailing list Xen-announce@xxxxxxxxxxxxx http://lists.xen.org/xen-announce

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.