Xen project Mailing List

[Xen-devel] Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability

To: xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx

From: Xen.org security team <security@xxxxxxx>

Date: Tue, 13 Nov 2012 12:56:13 +0000

Cc: "Xen.org security team" <security@xxxxxxx>

Delivery-date: Tue, 13 Nov 2012 12:56:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4537 / XSA-22 version 4 Memory mapping failure DoS vulnerability UPDATES IN VERSION 4 ==================== Public release. ISSUE DESCRIPTION ================= When set_p2m_entry fails, Xen's internal data structures (the p2m and m2p tables) can get out of sync. This failure can be triggered by unusual guest behaviour exhausting the memory reserved for the p2m table. If it happens, subsequent guest-invoked memory operations can cause Xen to fail an assertion and crash. IMPACT ====== A malicious guest administrator might be able to cause Xen to crash. VULNERABLE SYSTEMS ================== All versions of Xen since at least 3.4 are vulnerable. The vulnerability is only exposed to HVM guests. MITIGATION ========== There is no mitigation available other than to use a trusted guest kernel. RESOLUTION ========== The attached patch resolves this issue. Applying the appropriate attached patch resolves this issue. xsa22-4.2-unstable.patch Xen 4.2.x, xen-unstable xsa22-4.1.patch Xen 4.1.x xsa22-4.0.patch Xen 4.0.x xsa22-3.4.patch Xen 3.4.x $ sha256sum xsa22*.patch fe21558f098340451a275c468a7b2209915676f4f41ec394970c6aa0df3d93d3 xsa22-3.4.patch b7e635ae07f31ac8ecb8732152ba66897ea6d0f5e30468e35d7c37379c7369bb xsa22-4.0.patch e699e7af6b90e60531d98f04197141c4caf5eb4cdb312a43e736830eb17d32e1 xsa22-4.1.patch 8dbf850b903179807257febe12a15cb131968e65d2e90dbd3a5f72b83d2f931a xsa22-4.2-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGpAAoJEIP+FMlX6CvZUsEIAIL7FtUpAgYTG73BXIpIoJ1h L85yaAhizzuwWAHMwLBD/oMs+OPzIXsCp4rBHI8XPQ0rf3YeHSj8uI+ta17Th1Gb KuFFlDPujh5EiE0yel8u21hgsJ7rUpA04jPeYDbVbHPVC6bywf7pkChCEPos/Ze9 gAlRVptdBXH2nGmSyMFDfoby60lDXa7ZP0KoJUyuUG69zDMzlANLiEvk/+mN4YKB W4uiaYlCeDfrCn4T8Pk9rTMdDWmCsbQpZQRqwwNXdUa/EX0Ccv/QdcppPHoylYeK DQ9GPZOtDsm4s1M/J1oPVXZI7X/vLuBwje4/hhisFFiO4kLffcKCSopSizgLlO0= =82B5 -----END PGP SIGNATURE-----

Attachment: xsa22-3.4.patch
Description: Binary data

Attachment: xsa22-4.0.patch
Description: Binary data

Attachment: xsa22-4.1.patch
Description: Binary data

Attachment: xsa22-4.2-unstable.patch
Description: Binary data

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.