|
Message-ID: <E1T9C4K-0003Su-2p@mariner.uk.xensource.com>
Date: Wed, 5 Sep 2012 10:38:44 +0100
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg
vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-3494 / XSA-12
version 3
hypercall set_debugreg vulnerability
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
set_debugreg allows writes to reserved bits of the DR7 debug control
register on x86-64.
IMPACT
======
A malicious guest can cause the host to crash, leading to a DoS.
If the vulnerable hypervisor is run on future hardware, the impact of
the vulnerability might be widened depending on the future assignment
of the currently-reserved debug register bits.
VULNERABLE SYSTEMS
==================
All systems running 64-bit paravirtualised guests.
The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2
RCs, and xen-unstable.hg are all vulnerable.
MITIGATION
==========
This issue can be mitigated by ensuring (inside the guest) that the
kernel is trustworthy, or by running only 32-bit or HVM guests.
RESOLUTION
==========
Applying the appropriate attached patch will resolve the issue.
PATCH INFORMATION
=================
The attached patch resolves this issue:
Xen unstable, 4.1 and 4.0 xsa12-all.patch
$ sha256sum xsa12-all.patch
2415ee133e28b1c848c5ae3ce766cc2a67009bad8d026879030a6511b85dbc13 xsa12-all.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQRx0+AAoJEIP+FMlX6CvZnMAH/0fcm9nfiChokydCyqXgdKtJ
U2NqeqKzEP6emwLE+cvc+2EBP40fiBXsNATVdXc6Vx15eyzSMfJD3ndYF9OaKMVH
MVP6KU/tyK1G/9WgQK9PHBj/Kzp8hwrY0Qw45od7z+R7XMGieLH9l1O1xwkNCYDw
R8Xy2GI9IqsXLNpwy3BFYSyGYIX9o8/aBx4ZxHCV8H0OYUWv5hDGZZVXPDqGm11c
N+qmUaPV2QlW8Aoww1SiwW5E+/CpyJT5+awEMgZ4IOHPbCBXJfyXbw4aMM2q5Soe
mStqvPKL4H10SahaygdjxO+e4NqCHao0rYUXXpUr+aikIXvEearukp3FezR5IUE=
=/LmZ
-----END PGP SIGNATURE-----
Download attachment "xsa12-all.patch" of type "application/octet-stream" (1011 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.