oss-sec mailing list archives
Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 01 Nov 2013 14:52:29 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/01/2013 09:07 AM, Xen.org security team wrote:
Xen Security Advisory XSA-73 Lock order reversal between page allocation and grant table locks NOTE REGARDING LACK OF EMBARGO ============================== While the response to this issue was being prepared by the security team, the bug was independently discovered by a third party who publicly disclosed it without realising the security impact. ISSUE DESCRIPTION ================= The locks page_alloc_lock and grant_table.lock are not always taken in the same order. This opens the possibility of deadlock. IMPACT ====== A malicious guest administrator can deny service to the entire host. VULNERABLE SYSTEMS ================== Xen versions going back to at least Xen 3.2 are vulnerable. To exploit the vulnerability, the attacker must have control of more than one vcpu, either by controlling a malicious multi-vcpu guest, or by controlling more than one guest. MITIGATION ========== There is no practical mitigation for this issue. CREDITS ======= This issue was discovered by Coverity Scan and diagnosed by Andrew Cooper. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa73-4.3-unstable.patch Xen 4.3.x, xen-unstable xsa73-4.2.patch Xen 4.2.x xsa73-4.1.patch Xen 4.1.x $ sha256sum xsa73*.patch b828ff085f2dc1f2042bda1dc8a6c52b56ad1c1e3639c3efe32e5706e4ef424f xsa73-4.1.patch 10b809c39582a7f29150f0635b78bc2ce40df0bded963b78f42db3e21775da8c xsa73-4.2.patch 48411cd6b15e4e4fa3c4335298179a4b1094c5e1ae8dc7582bbfb9439d97037b xsa73-4.3-unstable.patch $
Please use CVE-2013-4494 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSdBSNAAoJEBYNRVNeJnmTNWMP/REouDdz04PivxYXIwjmkqTF 2sQJUt6/4Jax9i3aKWJAvB1fpqqS6T0NmtMpZ9yHihYMvTx+8Nmkpc+GRynbQrZx t2l7Tcs7P+aHbbVFz3WUY+Z0yprUeCuKAu0GMpILijoykVOTM6IlTsRyDjWke0hl f6oJmnhe87BnhglUJkfkLhnXUDHUAnZQjmLqznYMOqEFIxBzK+MbCYWIZ7DALerS GtaZnt5Gqxx3KLZFJVVz1dW2AKby9vXqUwCiEH/WJ6rwsb98tVwN34yZPLPjug9k hQQDyPKmv/FAd14ieslS88uXnP1fwofxTCbpfYTVYDP4wBropAhBueLIf32pzhrC 6GSqy2VYvFXqTmY/mKxLYqz/czG6b3DMwvCTqPOqfszOv75R0COPQIeeTmdLuI7L ZDdP5ZNcuNVSiLJaXBi6cfiFmRtPFsFEiu4+p1nCt6f0mfia2LqpVvjfaK56FerA R0f1LNouRm/4aBbeXtGTVTdMFprF9DDQgZlEPuATrZNjp0b3X/uxQLAtMLWDLAa9 CYpSCbv9SqGGlot6cL1m4rEtsmMRRcffz+EZUcmXF/cRIPVZxdMHJ+mHyShUALGt LPVABCngDF3RTQqhBSZwViUaoyjo/Pora1bcMvNMZoIMxQHz18hg2961OgxOSfeg 70WfDymdz82cl4k6KZim =uAIy -----END PGP SIGNATURE-----
Current thread:
- Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks Xen . org security team (Nov 01)
- Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks Kurt Seifried (Nov 01)
- <Possible follow-ups>
- Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks Xen . org security team (Nov 01)