Home page logo
/

oss-sec logo oss-sec mailing list archives

Xen Security Advisory 32 (CVE-2012-5525) - several hypercalls do not validate input GFNs
From: Xen.org security team <security () xen org>
Date: Mon, 03 Dec 2012 17:51:48 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2012-5525 / XSA-32
                              version 4

             several hypercalls do not validate input GFNs

UPDATES IN VERSION 4
====================

Public release.

ISSUE DESCRIPTION
=================

The function get_page_from_gfn does not validate its input GFN. An
invalid GFN passed to a hypercall which uses this function will cause
the hypervisor to read off the end of the frame table and potentially
crash.

IMPACT
======

A malicious guest administrator of a PV guest can cause Xen to crash.
If the out of bounds access does not lead to a crash, a carefully
crafted privilege escalation cannot be excluded, even though the guest
doesn't itself control the values written.

VULNERABLE SYSTEMS
==================

Only Xen 4.2 and Xen unstable are vulnerable. Xen 4.1 and earlier are
not vulnerable.

The vulnerability is exposed only to PV guests.

MITIGATION
==========

Running only trusted PV guest kernels will avoid this vulnerability.

Running only HVM guests will avoid this vulnerability.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa32-4.2.patch             Xen 4.2.x, xen-unstable
xsa32-unstable.patch        xen-unstable


$ sha256sum xsa32*.patch
ad25c9298b543ef7af40e9f09cae232d36efc1932804678355ab724a19e3afd9  xsa32-4.2.patch
734cff82a93f032165ef26633acb30a499cc063141c2b16fccb294703718fcb0  xsa32-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQvOWxAAoJEIP+FMlX6CvZ9uUH/RM5PGHxWTuFv11kAEJAaQK7
m3dB9GZvjRo/zcRTrSQX2JCumM8rwXffNR9oUHQkC3WxRPjyNRdsiI02sSRLSDAh
q2tsalK1PpFNX2DRrOezWrkBA2zR7pnGe3sCzgO3sGGpqMMoG5+u6/IcZHu86LGm
zk+e0hMHtuurz6+uB0w8TJoLge4XSTw0K3ck70vCL4ysKmyOcEWcAgDmNA+OwnQ8
duw4UGkXLrxCF1X7RbAh31lUWPSLxPvxsytja+78/9ggpQRxZkF5x6T4oABcZ7jg
vjzYkNN3MdN41RIbmZps1SECLm/SKoOvsBxfOJArf0DYgVmJloxZrLK4TyquCDk=
=oEp3
-----END PGP SIGNATURE-----

Attachment: xsa32-4.2.patch
Description:

Attachment: xsa32-unstable.patch
Description:


  By Date           By Thread  

Current thread:
  • Xen Security Advisory 32 (CVE-2012-5525) - several hypercalls do not validate input GFNs Xen . org security team (Dec 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]