[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2013-0231 / XSA-43
                              version 2

         Linux pciback DoS via not rate limited log messages.

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

Xen's PCI backend drivers in Linux allow a guest with assigned PCI device(s)
to cause a DoS through a flood of kernel messages, potentially affecting other
domains in the system.

IMPACT
======

A malicious guest can mount a DoS affecting the entire system.

VULNERABLE SYSTEMS
==================

All systems running guests with access to passed through PCI devices are
vulnerable.

Both mainline ("pvops") and classic-Xen patch kernels are affected.

MITIGATION
==========

This issue can be avoided by not assigning PCI devices to untrusted
guests.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa43-pvops.patch            Apply to mainline Linux 3.8-rc5.
xsa43-classic.patch          Apply to linux-2.6.18-xen tree.

$ sha256sum xsa43*.patch
4dec2d9b043bce2b8b54578573ba254fa7e6cbf4640cd100f40d8bf8a5a6a470  
xsa43-classic.patch
6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8  
xsa43-pvops.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJREQI+AAoJEIP+FMlX6CvZkoEH/2sIEO+1qLiHTde/UJznrvr8
R8MDNC5tqXVLtbPjScoTItMHaPfz33lcypz9UFknHepdwZKhRrcuqy4E79lxeXDG
BybbbbfNfJPeUG44O1fkyJTJys0xRBnAGzWInZZwq+gWRaJv+JNhzinFujvLNDJV
4m2ObnSwT1mx/9CjRxWGakKDhPcZSGmWIicyN5tueNKdWbAjSqiR/J8N5W+QJiCm
+BzjzYpfUqn0vKOlARQIMshzqFjYVTnoHFZf/4Hl7ogIibxfGGo5t05pzBoAlIgj
nTizW2Bxs9XM1NaFsZ2ESg8KVDTFSHS+jsMtdl0bWoHwRs6nNMQJJTjTPHXspCQ=
=5o5U
-----END PGP SIGNATURE-----

Attachment: xsa43-classic.patch
Description: Binary data

Attachment: xsa43-pvops.patch
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.