[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2022-42328,CVE-2022-42329 / XSA-424 Guests can trigger deadlock in Linux netback driver ISSUE DESCRIPTION ================= The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). IMPACT ====== A malicious guest could cause Denial of Service (DoS) of the host via the paravirtualized network interface. VULNERABLE SYSTEMS ================== All systems using the Linux kernel based network backend xen-netback are vulnerable. MITIGATION ========== Using another PV network backend (e.g. the qemu based "qnic" backend) will mitigate the problem. Using a dedicated network driver domain per guest will mitigate the problem. NOTE REGARDING LACK OF EMBARGO ============================== This issue was discussed in public already. RESOLUTION ========== Applying the attached patch resolves this issue. xsa424-linux.patch Linux 6.0, 6.1-rc $ sha256sum xsa424* 89db7cad9694f498c4ac450356932fb69fb514162e07aea0343776effa821fc8 xsa424-linux.patch $ -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmOPXKYMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ30IH/1GZwPXXAqMjN3d1n7BotiDLfmDiNp8e92wvQvmh cXgsBtvTZ+oDzI7J+Xr/42c4IN41s34fWl0hmNbdrw4lwrOSoj0rnCP73Bn22oUT jbv3bmFOHytCs5crvVrA4S7dCNcdpoEmfOoSaz1cBPhMecotlgTQo7M2Cagv3O9a a9fR+KGMk9EBDGdo2wBJyEcD9ApASPEV+LJgLoTOuYFIStCO/+TTBfJx5H7T/vgK Dqxsq1nULCSBc5Z5wrmtF49G3asBrAbPTkRhpyp9giXU+UV0QNJclnc+IJPdLIOe jISAvpHQ3Fkb7Q25jaBg+c0bf9KzT3ekBOaf1RofgA84Jg0= =4J/5 -----END PGP SIGNATURE----- Attachment:
xsa424-linux.patch
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |