-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-5510 / XSA-26 version 3 Grant table version switch list corruption vulnerability UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Downgrading the grant table version of a guest involves freeing its status pages. This freeing was incomplete - the page(s) are freed back to the allocator, but not removed from the domain's tracking list. This would cause list corruption, eventually leading to a hypervisor crash. IMPACT ====== A malicious guest administrator can cause Xen to crash, leading to a denial of service attack. VULNERABLE SYSTEMS ================== All Xen version from 4.0 on are vulnerable. Version 3.4 and earlier are not vulnerable. MITIGATION ========== Running only guests with trusted kernels will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa26-4.1.patch Xen 4.1.x xsa26-4.2.patch Xen 4.2.x xsa26-unstable.patch xen-unstable $ sha256sum xsa26*.patch b4674ddaf9a9786d5e7e5e4f248f6095e118184df581036e0531b5db5e1d645b xsa26-4.1.patch a6e2ed7bae3e62d4294fdb48e8a5418b1de8e0e690f4fea4bb430d2b7cf758e6 xsa26-4.2.patch ac2d5a82f0dba0f4213607a0e3bb9be586d90173bbadc4b402c2f19fbe4b2cf3 xsa26-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQvOJ1AAoJEIP+FMlX6CvZBHIH/jI42gGLsThzGlgkFg2aqE74 EUKIPZE4DLQNl6oTQ/fp0dfJgsQ8XHldovl4EphWK+oO0osloE2HjAY5mesOraui IIQHRkbosbDshDcSqFDndl+xjAEk1ohlGMMpSdUImIHdFF8ZJneXdK11cqxMtCKR 27ych3lDViqy0OqxFGRZpsBE0hHqU7aiL8Orr+tI4sANnd/qVfZcdqizoTRuAJX3 KOmaq+8VwoRSeppAvVgcnGkDLyCd5udRLNEenjrFo1YkC01bVIdbD59/ZwEIC6eZ iR7bvppV1nuq9WnbCkx+FVkNc9AuGwUZMOdePH2PwLYqIZGMBi9uqUD3Y0HHMoo= =OtT0 -----END PGP SIGNATURE-----