[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Xen Security Advisory 35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-0152 / XSA-35 version 4 Nested HVM exposes host to being driven out of memory by guest UPDATES IN VERSION 4 ==================== Fix corrupt patch xsa35-4.2-with-xsa34.patch. ISSUE DESCRIPTION ================= Guests are currently permitted to enable nested virtualization on themselves. Missing error handling cleanup in the handling code makes it possible for a guest, particularly a multi-vCPU one, to repeatedly invoke this operation, thus causing a leak of - over time - unbounded amounts of memory. IMPACT ====== A malicious domain can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== Only Xen 4.2 and Xen unstable are vulnerable. Xen 4.1 and earlier are not vulnerable. The vulnerability is only exposed by HVM guests. MITIGATION ========== Running only PV guests will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. To fix both XSA 34 and XSA 35, first apply xsa34-4.2.patch from XSA 34 and then *also* apply xsa35-4.2-with-xsa34.patch from this advisory. To fix this issue without addressing XSA 34, use xsa35.patch. $ sha256sum xsa35*.patch 4a103bf14dd060f702289db539a8c6c69496bdfd1de5d0c0468c3aab7b34f6a5 xsa35-4.2-with-xsa34.patch e69b01033b0fa4c3d175697566d2f0b161337e8d206654919937f77721dbf866 xsa35.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRACvBAAoJEIP+FMlX6CvZhWgH/AmojPzrSnLIPmP+kyphQeYk Yg00TDSm+rV8cmG6CE66r1WMibi1S/19yEkE6fJ1bgJtSBgcIqGls8NULPD+JvnH 6WmjktyH85LWcVbqNsjaPYAqyYOQJMMfmLDmW+ksc/SQgEH0zV4xAiA1iLIGJYRT oEjIXg/m76hjsq9u/njprxHNIJH81K84Jh4wZkR7LIdZUxJgdIRHFcNIPhjNAEfP k9jsfscuudU1bH7qJc/bJBbZFEnd6mw2zqn+M8UsLwow7A70x2JCAjCbplU1Zbxf pe1P+E9upNFrsWXQ8O365ve6owaQP/CCcEDS9o2V+Fxc8ZjJ0nYJo3WWKIxQgqk= =jAmO -----END PGP SIGNATURE----- Attachment:
xsa35-4.2-with-xsa34.patch Attachment:
xsa35.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |