[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2012-3494 / XSA-12
                             version 3

              hypercall set_debugreg vulnerability

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

set_debugreg allows writes to reserved bits of the DR7 debug control
register on x86-64.

IMPACT
======

A malicious guest can cause the host to crash, leading to a DoS.

If the vulnerable hypervisor is run on future hardware, the impact of
the vulnerability might be widened depending on the future assignment
of the currently-reserved debug register bits.

VULNERABLE SYSTEMS
==================

All systems running 64-bit paravirtualised guests.

The vulnerability dates back to at least Xen 4.0.  4.0, 4.1, the 4.2
RCs, and xen-unstable.hg are all vulnerable.

MITIGATION
==========

This issue can be mitigated by ensuring (inside the guest) that the
kernel is trustworthy, or by running only 32-bit or HVM guests.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

PATCH INFORMATION
=================

The attached patch resolves this issue:

 Xen unstable, 4.1 and 4.0              xsa12-all.patch

$ sha256sum xsa12-all.patch
2415ee133e28b1c848c5ae3ce766cc2a67009bad8d026879030a6511b85dbc13  
xsa12-all.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQRx0+AAoJEIP+FMlX6CvZnMAH/0fcm9nfiChokydCyqXgdKtJ
U2NqeqKzEP6emwLE+cvc+2EBP40fiBXsNATVdXc6Vx15eyzSMfJD3ndYF9OaKMVH
MVP6KU/tyK1G/9WgQK9PHBj/Kzp8hwrY0Qw45od7z+R7XMGieLH9l1O1xwkNCYDw
R8Xy2GI9IqsXLNpwy3BFYSyGYIX9o8/aBx4ZxHCV8H0OYUWv5hDGZZVXPDqGm11c
N+qmUaPV2QlW8Aoww1SiwW5E+/CpyJT5+awEMgZ4IOHPbCBXJfyXbw4aMM2q5Soe
mStqvPKL4H10SahaygdjxO+e4NqCHao0rYUXXpUr+aikIXvEearukp3FezR5IUE=
=/LmZ
-----END PGP SIGNATURE-----

Attachment: xsa12-all.patch
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.