mailing list archives
Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks
From: Xen.org security team <security () xen org>
Date: Fri, 01 Nov 2013 15:25:45 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory XSA-73
Lock order reversal between page allocation and grant table locks
UPDATES IN VERSION 2
Corrected typo in xsa73-4.1.patch. The other patches were already
NOTE REGARDING LACK OF EMBARGO
While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.
The locks page_alloc_lock and grant_table.lock are not always taken in
the same order. This opens the possibility of deadlock.
A malicious guest administrator can deny service to the entire host.
Xen versions going back to at least Xen 3.2 are vulnerable.
To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.
There is no practical mitigation for this issue.
This issue was discovered by Coverity Scan and diagnosed by Andrew
Applying the appropriate attached patch resolves this issue.
xsa73-4.3-unstable.patch Xen 4.3.x, xen-unstable
xsa73-4.2.patch Xen 4.2.x
xsa73-4.1.patch Xen 4.1.x
$ sha256sum xsa73*.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----