[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability

To: xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx
From: Xen.org security team <security@xxxxxxx>
Date: Tue, 13 Nov 2012 12:56:06 +0000
Cc: "Xen.org security team" <security@xxxxxxx>
Delivery-date: Tue, 13 Nov 2012 12:56:36 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                 Xen Security Advisory CVE-2012-4535 / XSA-20
                                version 2

                       Timer overflow DoS vulnerability

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

A guest which sets a VCPU with an inappropriate deadline can cause an
infinite loop in Xen, blocking the affected physical CPU
indefinitely.

IMPACT
======

A malicious guest administrator can trigger the bug.  If the Xen
watchdog is enabled, the whole system will crash.  Otherwise the guest
can cause the system to become completely unresponsive.

VULNERABLE SYSTEMS
==================

All versions of Xen from at least 3.4 onwards are vulnerable, to every
kind of guest.

Systems with only trusted guest kernels are not vulnerable.

MITIGATION
==========

There is no mitigation available other than to use a trusted guest
kernel.

RESOLUTION
==========

The attached patch resolves this issue.  The same patch is applicable
to all affected versions.

$ sha256sum xsa20.patch
954f43a3b912d551b6534d3962d0bab3db820222a3bff211b545e526f9161c71  xsa20.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQokGkAAoJEIP+FMlX6CvZzB0H/2H7Z/zxYOQtC2QLT77voNvI
/dCGnO+tUxcn9zsPOTkQjTmd7XrSaCdV9IoKmssZCwTBlHzRiwvFWQBinqrU8SZb
8UCv4O1zxg4Ygv/9nlJVxI8Xq9+uyxc/RaMeKlMCsW2rSKut9zmHI9HU+FT5kqG9
0vEXhZW4/MwOFbH+03LoHgjXqW8LOLNZtBg9u5rF5iCDLnltdAC//3kFXA5UG391
JAzAdBUOOaf2OAnL4tEpEV6ksmeaxjckg63P5T61MUqiFJo/5AL5tu0kEKGHF7jH
X4tDkSoV7Rbma4kNN3SbYjAkYGtsrGDeVS7HlhPbyZpKQVUJN+bSMYto3r8lVMM=
=nj9Z
-----END PGP SIGNATURE-----

Attachment: xsa20.patch
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability - Further bugfixes
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH] [RFC PATCH] xen: vmx: Use an INT 2 call to process real NMI's instead of self_nmi() in VMEXIT handler
Next by Date: [Xen-devel] Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability
Previous by thread: Re: [Xen-devel] [PATCH 6/7] xen/arm: flush D-cache and I-cache when appropriate
Next by thread: Re: [Xen-devel] Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability - Further bugfixes
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.