Xen project Mailing List

[Xen-announce] Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability

To: xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx

From: Xen.org security team <security@xxxxxxx>

Date: Wed, 05 Sep 2012 11:12:43 +0000

Cc: "Xen.org security team" <security@xxxxxxx>

Delivery-date: Wed, 05 Sep 2012 11:19:00 +0000

List-id: "Xen announcements $low volume$" <xen-announce.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3498 / XSA-16 version 3 PHYSDEVOP_map_pirq index vulnerability UPDATES IN VERSION 3 ==================== Public release. Credit Matthew Daley. ISSUE DESCRIPTION ================= PHYSDEVOP_map_pirq with MAP_PIRQ_TYPE_GSI does not range check map->index. IMPACT ====== A malicious HVM guest kernel can crash the host. It might also be able to read hypervisor or guest memory. VULNERABLE SYSTEMS ================== All Xen systems running HVM guests. PV guests are not vulnerable. The vulnerability dates back to Xen 4.1. Xen 4.0 is not vulnerable. 4.1, the 4.2 RCs, and xen-unstable.hg are vulnerable. MITIGATION ========== This issue can be mitigated by ensuring that the guest kernel is trustworthy, or by running only PV guests. RESOLUTION ========== Applying the appropriate attached patch will resolve the issue. CREDIT ====== Thanks to Matthew Daley for finding this vulnerability (and that in XSA-12) and notifying the Xen.org security team. PATCH INFORMATION ================= The attached patches resolve this issue Xen unstable xsa16-unstable.patch Xen 4.1, 4.1.x xsa16-xen-4.1.patch $ sha256sum xsa16-*.patch f8db42898620112c8e77bf116645d650b3671d4ccc49adcad09c7b4591d55cab xsa16-unstable.patch 4b76d554b23977443209e45d3a2404d63695eb3020ff87a8e16e5e25cbddff31 xsa16-xen-4.1.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQRyVFAAoJEIP+FMlX6CvZkqkH/2k5sdGWVThawtjkpTfx8L3T d0QnlJYstbvGxNkRvaafj32jApGkHWwr/Rd4w1MPxXXJOU6bmXjKKXAugVj0wl5Z PZeVtek46S3sSNCavLH7kL1SVZoCikEH2+kv9edGhKOXxO3C+8FkM+HvoZU7tQco ppUhEfINP9WidXlWSEmK2nhZdvrLW7KeqHTQmwx6AC1mUE0YdaF2oTZRPyOgRwIx quYJ3hLiQiQD3eUV56iqNO19/D4jpPibBG33yurdzahRivuLTb7XD+QfKfEDZ1WC SVqIRJha84QBjHLTtPIgmjyF8ysUXnPLol1NTxpIBFX98OCw9Ery0Zic/poFjcc= =7hrh -----END PGP SIGNATURE-----

Attachment: xsa16-unstable.patch
Description: Binary data

Attachment: xsa16-xen-4.1.patch
Description: Binary data

_______________________________________________ Xen-announce mailing list Xen-announce@xxxxxxxxxxxxx http://lists.xen.org/xen-announce

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.