Home page logo
/

oss-sec logo oss-sec mailing list archives

Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS
From: Xen.org security team <security () xen org>
Date: Thu, 26 Jul 2012 16:30:43 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                 Xen Security Advisory XSA-10

         HVM guest user mode MMIO emulation DoS vulnerability

ISSUE DESCRIPTION
=================

Internal data of the emulator for MMIO operations may, under
certain rare conditions, at the end of one emulation cycle be left
in a state affecting a subsequent emulation such that this second
emulation would fail, causing an exception to be reported to the
guest kernel where none is expected.

IMPACT
======

Guest mode unprivileged (user) code, which has been granted
the privilege to access MMIO regions, may leverage that access
to crash the whole guest.

VULNERABLE SYSTEMS
==================

All HVM guests exposing MMIO ranges to unprivileged (user) mode.

All versions of Xen which support HVM guests are vulnerable to this issue.

MITIGATION
==========

This issue can be mitigated by running PV (para-virtualised)
guests only, or by ensuring (inside the guest) that MMIO regions
can be accessed only by trustworthy processes.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

NOTE REGARDING CVE
==================

We do not yet have a CVE Candidate number for this vulnerability.

PATCH INFORMATION
=================

The attached patches resolve this issue

$ sha256sum xsa10-*.patch
f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912  xsa10-4.x.patch
fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd  xsa10-unstable.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQEWB0AAoJEIP+FMlX6CvZYhUH+wVPIAAfKPp5p5TYvY90nAbR
O427AbXKDD0Gval78ygQSIiQIrmP0l5MZdx/FsXfw5cXyNHWJDHrwzA9jXzfYeor
boFvYCjdgyeh6cBM7BR2OFgoB+v3KmMSZOSDfH87SYzZTpK1+2ImDgsoaI5cqUMN
x92bXzqohZhcG/5PBhdVaEdj3KTGCHZYwjieUdi5BbWsQry9Rzd7nV6TsRHAaBkW
+9s3XxtobMNMJyr2t7ZKO1YwfLSprpfFcZk4zfdLLFMBvvPoF7V+Pi3PJ+8S38QN
YcyhPoLgoTqSKZ7buyMux9JwSzn8yi4ETMHMTc3VGFQZQwnlNeMWVEUG2CiYVn8=
=H0Nc
-----END PGP SIGNATURE-----

Attachment: xsa10-unstable.patch
Description:

Attachment: xsa10-4.x.patch
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault