Home page logo
/

oss-sec logo oss-sec mailing list archives

Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks
From: Xen.org security team <security () xen org>
Date: Fri, 01 Nov 2013 15:25:45 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    Xen Security Advisory XSA-73
                              version 2

    Lock order reversal between page allocation and grant table locks

UPDATES IN VERSION 2
====================

Corrected typo in xsa73-4.1.patch. The other patches were already
correct.

NOTE REGARDING LACK OF EMBARGO
==============================

While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.

ISSUE DESCRIPTION
=================

The locks page_alloc_lock and grant_table.lock are not always taken in
the same order.  This opens the possibility of deadlock.

IMPACT
======

A malicious guest administrator can deny service to the entire host.

VULNERABLE SYSTEMS
==================

Xen versions going back to at least Xen 3.2 are vulnerable.

To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.

MITIGATION
==========

There is no practical mitigation for this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa73-4.3-unstable.patch    Xen 4.3.x, xen-unstable
xsa73-4.2.patch             Xen 4.2.x
xsa73-4.1.patch             Xen 4.1.x

$ sha256sum xsa73*.patch
c9284e2c12b1c4f8c63d11b8802b4f408e6623f857f120b04e47840f433e4823  xsa73-4.1.patch
10b809c39582a7f29150f0635b78bc2ce40df0bded963b78f42db3e21775da8c  xsa73-4.2.patch
48411cd6b15e4e4fa3c4335298179a4b1094c5e1ae8dc7582bbfb9439d97037b  xsa73-4.3-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSc8fSAAoJEIP+FMlX6CvZeRUH/Rn+MT2Xj1zteuIs89cLZOBc
5ieh44Nqulyn/kQU+j7tzmq0urzt5w0VEiL7CWDxXe6KktzKZDnZTkXDSXr13sxU
pIM682cpaSsGvDFDSKdc6x03cNQ3P+FSrz/uWEWmCFjOuqRT839RkY3NbkC6mhaH
O9JUW+uojphJ3TJDfmvl9xsN4W6A3H8SvJp71c6LNGMTUXfAsOahNnrlJev+s8Pu
OruXzqVFzOpU1BbWYAakhSgUg/5+FTCcR+ZUN4AgMHgetnXIbR0qGtvWGEP9kTVt
wOK/mgAA7T4yHyTySmmVHc/BN422e0xv045Zr25AI2WrteLnpo4gj5GJBuAilEU=
=RHfD
-----END PGP SIGNATURE-----

Attachment: xsa73-4.1.patch
Description:

Attachment: xsa73-4.2.patch
Description:

Attachment: xsa73-4.3-unstable.patch
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]