Re: Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/26/2012 09:30 AM, Xen.org security team wrote:
> Xen Security Advisory XSA-10
>
> HVM guest user mode MMIO emulation DoS vulnerability
>
> ISSUE DESCRIPTION =================
>
> Internal data of the emulator for MMIO operations may, under 
> certain rare conditions, at the end of one emulation cycle be left 
> in a state affecting a subsequent emulation such that this second 
> emulation would fail, causing an exception to be reported to the 
> guest kernel where none is expected.
>
> IMPACT ======
>
> Guest mode unprivileged (user) code, which has been granted the
> privilege to access MMIO regions, may leverage that access to crash
> the whole guest.
>
> VULNERABLE SYSTEMS ==================
>
> All HVM guests exposing MMIO ranges to unprivileged (user) mode.
>
> All versions of Xen which support HVM guests are vulnerable to this
> issue.
>
> MITIGATION ==========
>
> This issue can be mitigated by running PV (para-virtualised) guests
> only, or by ensuring (inside the guest) that MMIO regions can be
> accessed only by trustworthy processes.
>
> RESOLUTION ==========
>
> Applying the appropriate attached patch will resolve the issue.
>
> NOTE REGARDING CVE ==================
>
> We do not yet have a CVE Candidate number for this vulnerability.
>
> PATCH INFORMATION =================
>
> The attached patches resolve this issue
>
> $ sha256sum xsa10-*.patch 
> f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912
> xsa10-4.x.patch 
> fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd
> xsa10-unstable.patch

Please use CVE-2012-3432 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQEkzcAAoJEBYNRVNeJnmTBi8QANKeCCOiniLKp5+1LvYXr3rE
uV9UijoVTBu6WNtB2L9NXRrenHBvGv38+tmVVg7pCqHkU9nrzhmg4zc8qZY8LJ/V
/ZnYuVoWZ/hG+KNi8/NQIiDAiDu4Ip9NnMSW9SdYPVEFSQN4JCQufYOxjCGNzOj1
QidDoyb7i63UAFXj4nvdFmJKVYSvegI+H46vGVkQabBdZ2LXuCHYCw54ZZ0nFqKj
LU3t/468DmBn1Gk2EUdufV/NWxWpD33pjwTkMFbYH/C5cSHUMx6UUkD48EWu0YAs
MxjigqXHKiXEPsoyfULppRTaxE969MsWDhrjrptymZjasmcXl+v/opmVYT9DJ1gF
pAHU0o862p1gcdhBuk/n2DB8HFSk5MJbytDz0KzxgEDrqhFO4AIeAVq6//wXPnym
nxNTY/6MQazc+S+coiNvBAtr1sT6CWgHsd0DLLQh/PQZ1DVDKRfufd9LfI7PdPFH
gjHp81MArk39vFM5vT01Ac0aG4pj8kTwpTHwt84VL05hj6R/GcB56/526fmmgnan
6KlwufXZkZjP6lteIeidK9NVOhRId5VEL0EguQAc5z8cavl6oD1P+AaECZct+h5r
jMHxeQSf0ggQL6zRGBOU6Dlt2+Cg4FjRpWO8iGe0PlZb+XTFUsPk8/OWEKHa2Rlp
tXhMnEfhzvKZLMg53D+S
=qRMf
-----END PGP SIGNATURE-----