-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-5511 / XSA-27
version 4
several HVM operations do not validate the range of their inputs
UPDATES IN VERSION 4
====================
Public release.
ISSUE DESCRIPTION
=================
Several HVM control operations do not check the size of their inputs
and can tie up a physical CPU for extended periods of time.
In addition dirty video RAM tracking involves clearing the bitmap
provided by the domain controlling the guest (e.g. dom0 or a
stubdom). If the size of that bitmap is overly large, an intermediate
variable on the hypervisor stack may overflow that stack.
IMPACT
======
A malicious guest administrator can cause Xen to become unresponsive
or to crash leading in either case to a Denial of Service.
VULNERABLE SYSTEMS
==================
All Xen versions from 3.4 onwards are vulnerable.
However Xen 4.2 and unstable are not vulnerable to the stack
overflow. Systems running either of these are not vulnerable to the
crash.
Version 3.4, 4.0 and 4.1 are vulnerable to both the stack overflow and
the physical CPU hang.
The vulnerability is only exposed to HVM guests.
MITIGATION
==========
Running only PV guests will avoid this vulnerability.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa27-4.1.patch Xen 4.1.x
xsa27-4.2.patch Xen 4.2.x
xsa27-4.unstable.patch xen-unstable
$ sha256sum xsa27*.patch
7443da829a7b2dd4b5e0b8db97a8b569e7c10d908ee7c34fa60bc2ddd781be57 xsa27-4.1.patch
462eae827944d1d337a6ebf13a36ea952d7fb76b993b9c29946e1d9cfb5ea2a3 xsa27-4.2.patch
fcb07c6bd78a0d9513a68e2eb3bf0c21ef4d8ff0e6ebf6fdce04a3170303cab6 xsa27-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQvOJ2AAoJEIP+FMlX6CvZzqwIAJwIUGfXDA0KvJ/zZWAJm49Q
c5Sn5xK1wZdGdJTlCqAGZSMOmaUP6tofqEWanb6nOg2vRAk7HlDz1JbUw5P8E3H9
mTT9Ro8rOhAIhgD0joT4i2XE77OTuLF85JK0M0fn2XPdUNFraChYUGthXj9+irlc
FOhrLnXBlo34h7V7nY9XGIKAwcYUQnR7RcPasKOCO1OGEYofWKJOSKR9wrIhXiMN
Q2svs4J1+PxNdKpErS+mMwEbnYHBcmxxEZXWktB9plzSqf5FMP4yQ3C5wTu/zrYH
nu8Jj2JNV3NTnZgcviUBysTR+1s+JgVjLU3gtxebh2caqjSKyenPU2yYna5rlfY=
=tfAP
-----END PGP SIGNATURE-----
Hash: SHA1
Xen Security Advisory CVE-2012-5511 / XSA-27
version 4
several HVM operations do not validate the range of their inputs
UPDATES IN VERSION 4
====================
Public release.
ISSUE DESCRIPTION
=================
Several HVM control operations do not check the size of their inputs
and can tie up a physical CPU for extended periods of time.
In addition dirty video RAM tracking involves clearing the bitmap
provided by the domain controlling the guest (e.g. dom0 or a
stubdom). If the size of that bitmap is overly large, an intermediate
variable on the hypervisor stack may overflow that stack.
IMPACT
======
A malicious guest administrator can cause Xen to become unresponsive
or to crash leading in either case to a Denial of Service.
VULNERABLE SYSTEMS
==================
All Xen versions from 3.4 onwards are vulnerable.
However Xen 4.2 and unstable are not vulnerable to the stack
overflow. Systems running either of these are not vulnerable to the
crash.
Version 3.4, 4.0 and 4.1 are vulnerable to both the stack overflow and
the physical CPU hang.
The vulnerability is only exposed to HVM guests.
MITIGATION
==========
Running only PV guests will avoid this vulnerability.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa27-4.1.patch Xen 4.1.x
xsa27-4.2.patch Xen 4.2.x
xsa27-4.unstable.patch xen-unstable
$ sha256sum xsa27*.patch
7443da829a7b2dd4b5e0b8db97a8b569e7c10d908ee7c34fa60bc2ddd781be57 xsa27-4.1.patch
462eae827944d1d337a6ebf13a36ea952d7fb76b993b9c29946e1d9cfb5ea2a3 xsa27-4.2.patch
fcb07c6bd78a0d9513a68e2eb3bf0c21ef4d8ff0e6ebf6fdce04a3170303cab6 xsa27-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQvOJ2AAoJEIP+FMlX6CvZzqwIAJwIUGfXDA0KvJ/zZWAJm49Q
c5Sn5xK1wZdGdJTlCqAGZSMOmaUP6tofqEWanb6nOg2vRAk7HlDz1JbUw5P8E3H9
mTT9Ro8rOhAIhgD0joT4i2XE77OTuLF85JK0M0fn2XPdUNFraChYUGthXj9+irlc
FOhrLnXBlo34h7V7nY9XGIKAwcYUQnR7RcPasKOCO1OGEYofWKJOSKR9wrIhXiMN
Q2svs4J1+PxNdKpErS+mMwEbnYHBcmxxEZXWktB9plzSqf5FMP4yQ3C5wTu/zrYH
nu8Jj2JNV3NTnZgcviUBysTR+1s+JgVjLU3gtxebh2caqjSKyenPU2yYna5rlfY=
=tfAP
-----END PGP SIGNATURE-----
Attached Files:
-
xsa27-4.1.patch (5.68 KB)
-
xsa27-4.2.patch (4.34 KB)
-
xsa27-unstable.patch (3.58 KB)