Re: Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/01/2013 09:07 AM, Xen.org security team wrote:
> Xen Security Advisory XSA-73
>
> Lock order reversal between page allocation and grant table locks
>
> NOTE REGARDING LACK OF EMBARGO ==============================
>
> While the response to this issue was being prepared by the
> security team, the bug was independently discovered by a third
> party who publicly disclosed it without realising the security
> impact.
>
> ISSUE DESCRIPTION =================
>
> The locks page_alloc_lock and grant_table.lock are not always taken
> in the same order.  This opens the possibility of deadlock.
>
> IMPACT ======
>
> A malicious guest administrator can deny service to the entire
> host.
>
> VULNERABLE SYSTEMS ==================
>
> Xen versions going back to at least Xen 3.2 are vulnerable.
>
> To exploit the vulnerability, the attacker must have control of
> more than one vcpu, either by controlling a malicious multi-vcpu
> guest, or by controlling more than one guest.
>
> MITIGATION ==========
>
> There is no practical mitigation for this issue.
>
> CREDITS =======
>
> This issue was discovered by Coverity Scan and diagnosed by Andrew 
> Cooper.
>
> RESOLUTION ==========
>
> Applying the appropriate attached patch resolves this issue.
>
> xsa73-4.3-unstable.patch    Xen 4.3.x, xen-unstable xsa73-4.2.patch
> Xen 4.2.x xsa73-4.1.patch             Xen 4.1.x
>
> $ sha256sum xsa73*.patch 
> b828ff085f2dc1f2042bda1dc8a6c52b56ad1c1e3639c3efe32e5706e4ef424f
> xsa73-4.1.patch 
> 10b809c39582a7f29150f0635b78bc2ce40df0bded963b78f42db3e21775da8c
> xsa73-4.2.patch 
> 48411cd6b15e4e4fa3c4335298179a4b1094c5e1ae8dc7582bbfb9439d97037b
> xsa73-4.3-unstable.patch $

Please use CVE-2013-4494 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSdBSNAAoJEBYNRVNeJnmTNWMP/REouDdz04PivxYXIwjmkqTF
2sQJUt6/4Jax9i3aKWJAvB1fpqqS6T0NmtMpZ9yHihYMvTx+8Nmkpc+GRynbQrZx
t2l7Tcs7P+aHbbVFz3WUY+Z0yprUeCuKAu0GMpILijoykVOTM6IlTsRyDjWke0hl
f6oJmnhe87BnhglUJkfkLhnXUDHUAnZQjmLqznYMOqEFIxBzK+MbCYWIZ7DALerS
GtaZnt5Gqxx3KLZFJVVz1dW2AKby9vXqUwCiEH/WJ6rwsb98tVwN34yZPLPjug9k
hQQDyPKmv/FAd14ieslS88uXnP1fwofxTCbpfYTVYDP4wBropAhBueLIf32pzhrC
6GSqy2VYvFXqTmY/mKxLYqz/czG6b3DMwvCTqPOqfszOv75R0COPQIeeTmdLuI7L
ZDdP5ZNcuNVSiLJaXBi6cfiFmRtPFsFEiu4+p1nCt6f0mfia2LqpVvjfaK56FerA
R0f1LNouRm/4aBbeXtGTVTdMFprF9DDQgZlEPuATrZNjp0b3X/uxQLAtMLWDLAa9
CYpSCbv9SqGGlot6cL1m4rEtsmMRRcffz+EZUcmXF/cRIPVZxdMHJ+mHyShUALGt
LPVABCngDF3RTQqhBSZwViUaoyjo/Pora1bcMvNMZoIMxQHz18hg2961OgxOSfeg
70WfDymdz82cl4k6KZim
=uAIy
-----END PGP SIGNATURE-----