oss-sec mailing list archives
Re: Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 27 Jul 2012 02:10:04 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/26/2012 09:30 AM, Xen.org security team wrote:
Xen Security Advisory XSA-10 HVM guest user mode MMIO emulation DoS vulnerability ISSUE DESCRIPTION ================= Internal data of the emulator for MMIO operations may, under certain rare conditions, at the end of one emulation cycle be left in a state affecting a subsequent emulation such that this second emulation would fail, causing an exception to be reported to the guest kernel where none is expected. IMPACT ====== Guest mode unprivileged (user) code, which has been granted the privilege to access MMIO regions, may leverage that access to crash the whole guest. VULNERABLE SYSTEMS ================== All HVM guests exposing MMIO ranges to unprivileged (user) mode. All versions of Xen which support HVM guests are vulnerable to this issue. MITIGATION ========== This issue can be mitigated by running PV (para-virtualised) guests only, or by ensuring (inside the guest) that MMIO regions can be accessed only by trustworthy processes. RESOLUTION ========== Applying the appropriate attached patch will resolve the issue. NOTE REGARDING CVE ================== We do not yet have a CVE Candidate number for this vulnerability. PATCH INFORMATION ================= The attached patches resolve this issue $ sha256sum xsa10-*.patch f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912 xsa10-4.x.patch fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd xsa10-unstable.patch
Please use CVE-2012-3432 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQEkzcAAoJEBYNRVNeJnmTBi8QANKeCCOiniLKp5+1LvYXr3rE uV9UijoVTBu6WNtB2L9NXRrenHBvGv38+tmVVg7pCqHkU9nrzhmg4zc8qZY8LJ/V /ZnYuVoWZ/hG+KNi8/NQIiDAiDu4Ip9NnMSW9SdYPVEFSQN4JCQufYOxjCGNzOj1 QidDoyb7i63UAFXj4nvdFmJKVYSvegI+H46vGVkQabBdZ2LXuCHYCw54ZZ0nFqKj LU3t/468DmBn1Gk2EUdufV/NWxWpD33pjwTkMFbYH/C5cSHUMx6UUkD48EWu0YAs MxjigqXHKiXEPsoyfULppRTaxE969MsWDhrjrptymZjasmcXl+v/opmVYT9DJ1gF pAHU0o862p1gcdhBuk/n2DB8HFSk5MJbytDz0KzxgEDrqhFO4AIeAVq6//wXPnym nxNTY/6MQazc+S+coiNvBAtr1sT6CWgHsd0DLLQh/PQZ1DVDKRfufd9LfI7PdPFH gjHp81MArk39vFM5vT01Ac0aG4pj8kTwpTHwt84VL05hj6R/GcB56/526fmmgnan 6KlwufXZkZjP6lteIeidK9NVOhRId5VEL0EguQAc5z8cavl6oD1P+AaECZct+h5r jMHxeQSf0ggQL6zRGBOU6Dlt2+Cg4FjRpWO8iGe0PlZb+XTFUsPk8/OWEKHa2Rlp tXhMnEfhzvKZLMg53D+S =qRMf -----END PGP SIGNATURE-----
Current thread:
- Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS Xen . org security team (Jul 26)
- Re: Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS Kurt Seifried (Jul 27)