-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2013-0152 / XSA-35
version 3
Nested HVM exposes host to being driven out of memory by guest
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
Guests are currently permitted to enable nested virtualization on
themselves. Missing error handling cleanup in the handling code makes
it possible for a guest, particularly a multi-vCPU one, to repeatedly
invoke this operation, thus causing a leak of - over time - unbounded
amounts of memory.
IMPACT
======
A malicious domain can mount a denial of service attack affecting the
whole system.
VULNERABLE SYSTEMS
==================
Only Xen 4.2 and Xen unstable are vulnerable. Xen 4.1 and earlier are
not vulnerable.
The vulnerability is only exposed by HVM guests.
MITIGATION
==========
Running only PV guests will avoid this vulnerability.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
To fix both XSA 34 and XSA 35, first apply xsa34-4.2.patch from XSA 34
and then *also* apply xsa35-4.2-with-xsa34.patch from this advisory.
To fix this issue without addressing XSA 34, use xsa35.patch.
$ sha256sum xsa35*.patch
8372322e986bc2210f0d35b4d35a029301bd28fc1dffb789dff1436eb2024723 xsa35-4.2-with-xsa34.patch
e69b01033b0fa4c3d175697566d2f0b161337e8d206654919937f77721dbf866 xsa35.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQ/ny+AAoJEIP+FMlX6CvZajwIAJ2/2xGmEbI44LFJ4rGehOY8
CZRlTzyPLUt1eVk6lD7qwX1ondGEAsFwLrZdFp+c08Cle7o2RT502EwptPGIRhkc
8pPjOgqWr/YjHC/B0VAoCZOF08HsIpDU2wiaxKhcFODNoeUb2z01OL5G+7I60HzV
54F70rCBx229Myhq9zqCV4a1XW+73k6NL7bpRICAME5fDy+8q4gcF0UDLv6MZmNV
PB9Ey2kiH6TMZO4Si+ekF4GQzfvje5/xTU/v0bHq6r7SxhHXq4aJ5e6jER0vlTsr
0HbE5uG/4LimCmc77q0ZiHOGg61gc/V1imfsUOTnnfaifw4qReCQHXpMAOdg9Ww=
=O88v
-----END PGP SIGNATURE-----
Hash: SHA1
Xen Security Advisory CVE-2013-0152 / XSA-35
version 3
Nested HVM exposes host to being driven out of memory by guest
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
Guests are currently permitted to enable nested virtualization on
themselves. Missing error handling cleanup in the handling code makes
it possible for a guest, particularly a multi-vCPU one, to repeatedly
invoke this operation, thus causing a leak of - over time - unbounded
amounts of memory.
IMPACT
======
A malicious domain can mount a denial of service attack affecting the
whole system.
VULNERABLE SYSTEMS
==================
Only Xen 4.2 and Xen unstable are vulnerable. Xen 4.1 and earlier are
not vulnerable.
The vulnerability is only exposed by HVM guests.
MITIGATION
==========
Running only PV guests will avoid this vulnerability.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
To fix both XSA 34 and XSA 35, first apply xsa34-4.2.patch from XSA 34
and then *also* apply xsa35-4.2-with-xsa34.patch from this advisory.
To fix this issue without addressing XSA 34, use xsa35.patch.
$ sha256sum xsa35*.patch
8372322e986bc2210f0d35b4d35a029301bd28fc1dffb789dff1436eb2024723 xsa35-4.2-with-xsa34.patch
e69b01033b0fa4c3d175697566d2f0b161337e8d206654919937f77721dbf866 xsa35.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQ/ny+AAoJEIP+FMlX6CvZajwIAJ2/2xGmEbI44LFJ4rGehOY8
CZRlTzyPLUt1eVk6lD7qwX1ondGEAsFwLrZdFp+c08Cle7o2RT502EwptPGIRhkc
8pPjOgqWr/YjHC/B0VAoCZOF08HsIpDU2wiaxKhcFODNoeUb2z01OL5G+7I60HzV
54F70rCBx229Myhq9zqCV4a1XW+73k6NL7bpRICAME5fDy+8q4gcF0UDLv6MZmNV
PB9Ey2kiH6TMZO4Si+ekF4GQzfvje5/xTU/v0bHq6r7SxhHXq4aJ5e6jER0vlTsr
0HbE5uG/4LimCmc77q0ZiHOGg61gc/V1imfsUOTnnfaifw4qReCQHXpMAOdg9Ww=
=O88v
-----END PGP SIGNATURE-----