|Public release ||2013-01-04 16:00|
|Updated ||2013-01-04 16:00|
|Title ||Hypervisor crash due to incorrect ASSERT (debug build only)|
Filesadvisory-37.txt (signed advisory file)
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory CVE-2013-0154 / XSA-37
Hypervisor crash due to incorrect ASSERT (debug build only)
A change to an internal interface within the hypervisor invalidated an
ASSERT in a caller of that API. This code path is exposed to PV guests
via a hypercall allowing administrators of PV guests to crash the
hypervisor if it is built with debugging enabled.
Malicious administrators of PV guests running on hypervisors built
with the non-default debug=y option can crash the host.
Systems running Xen 4.2 and unstable are vulnerable to this issue. Xen
4.1 and earlier are not vulnerable.
Only systems built with debugging enabled are vulnerable. Debugging is
not enabled by default.
Systems running PV guests or HVM guests using stubdomains are
vulnerable. Guests which run only HVM guests without stubdomains are
Building the hypervisor without debugging enabled will completely
avoid this issue. Note that debugging is not enabled by default.
Avoiding running PV guests with untrusted administrators will also
avoid this issue
NOTE REGARDING LACK OF EMBARGO
This issue was disclosed publicly on xen-devel; the person reporting
it did not appreciate that it was a security issue. Under the
circumstances the Xen.org security team do not consider that this
advisory should be embargoed.
Applying the appropriate attached patch resolves this issue.
xsa37-4.2.patch Xen 4.2.x
$ sha256sum xsa37*.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
Xenproject.org Security Team