Information

Advisory XSA-45
Public release 2013-05-02 12:00
Updated 2013-05-02 13:54
Version 2
CVE(s) CVE-2013-1918
Title Several long latency operations are not preemptible

Files

advisory-45.txt (signed advisory file)
xsa45-4.1-01-vcpu-destroy-pagetables-preemptible.patch
xsa45-4.1-02-new-guest-cr3-preemptible.patch
xsa45-4.1-03-new-user-base-preemptible.patch
xsa45-4.1-04-vcpu-reset-preemptible.patch
xsa45-4.1-05-set-info-guest-preemptible.patch
xsa45-4.1-06-unpin-preemptible.patch
xsa45-4.1-07-mm-error-paths-preemptible.patch
xsa45-4.2-01-vcpu-destroy-pagetables-preemptible.patch
xsa45-4.2-02-new-guest-cr3-preemptible.patch
xsa45-4.2-03-new-user-base-preemptible.patch
xsa45-4.2-04-vcpu-reset-preemptible.patch
xsa45-4.2-05-set-info-guest-preemptible.patch
xsa45-4.2-06-unpin-preemptible.patch
xsa45-4.2-07-mm-error-paths-preemptible.patch
xsa45-unstable-01-vcpu-destroy-pagetables-preemptible.patch
xsa45-unstable-02-new-guest-cr3-preemptible.patch
xsa45-unstable-03-new-user-base-preemptible.patch
xsa45-unstable-04-vcpu-reset-preemptible.patch
xsa45-unstable-05-set-info-guest-preemptible.patch
xsa45-unstable-06-unpin-preemptible.patch
xsa45-unstable-07-mm-error-paths-preemptible.patch

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2013-1918 / XSA-45
                              version 2

          Several long latency operations are not preemptible

UPDATES IN VERSION 2
====================

Patches for xen-unstable refreshed to apply on top of xen.git#staging
commit 9626d1c1.

Public release.

ISSUE DESCRIPTION
=================

Page table manipulation operations for PV guests can take significant
amounts of time, as they require all present branches to have their
type (and thus contents) verified. While the most frequently used
operations had been made preemptible in the past, some code paths
involving potentially deep page table traversal were still trying to
do their entire work in a single step.

IMPACT
======

Malicious or buggy PV guest kernels can mount a denial of service attack
affecting the whole system.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

The vulnerability is only exposed by PV guests.

MITIGATION
==========

Running only HVM guests, or PV guests with trusted kernels, will avoid
this vulnerability.

RESOLUTION
==========

Applying the appropriate attached patch series resolves this issue.

xsa45-4.1-*.patch             Xen 4.1.x
xsa45-4.2-*.patch             Xen 4.2.x
xsa45-unstable-*.patch        xen-unstable

$ sha256sum xsa45*.patch
9a77ffcf6af68bb578ce99aa86778767b9df89409b4ce398d9cf6ae603b60f99  xsa45-4.1-01-vcpu-destroy-pagetables-preemptible.patch
ad534cd15f83c81bc37d15f08f85cb902796494f788dc9d424ade75bd6f62114  xsa45-4.1-02-new-guest-cr3-preemptible.patch
13626e949abf555971e6696c6ddaccbab33a479e88b6ed6206e9f90a4b720090  xsa45-4.1-03-new-user-base-preemptible.patch
52ee804acae32c7b8233a0fae19ac563ae9f89ba0fd83451fe907d907f8f78eb  xsa45-4.1-04-vcpu-reset-preemptible.patch
aa5b1d56a72dcd44d6523d272328418ed1eb03f818a8c6d359d0b371e75884e5  xsa45-4.1-05-set-info-guest-preemptible.patch
b218608e388eacf4af4707ec2e395b8147e650217dfc0070a69221327b1a802b  xsa45-4.1-06-unpin-preemptible.patch
a16ff16c6bd627588606141c94c74694d9f15a65a234dfec366796778d61b77f  xsa45-4.1-07-mm-error-paths-preemptible.patch
760d8502747f2c03fb3bf6b683994860ae99b66a2fb6bbedebcc5b440404c404  xsa45-4.2-01-vcpu-destroy-pagetables-preemptible.patch
e8e20bc35017bbfa350c29cef848e294acc782c3eae8082e629b020563b3a2c1  xsa45-4.2-02-new-guest-cr3-preemptible.patch
8f2efcd018179ff8abdd54164980fdb0d25968017aaf91947ff0a326a132cd90  xsa45-4.2-03-new-user-base-preemptible.patch
6eaefb1987f1ccf891cd68c03e9966bc7ccc6fd894ed2c366aa4a0d1f3a15459  xsa45-4.2-04-vcpu-reset-preemptible.patch
406e3bd7147fea805bdf6f201bc17322cd2cd662ede094b1a039ba71b095bb3e  xsa45-4.2-05-set-info-guest-preemptible.patch
6e4344e3dcb544537bbef869a34cff38a4611cddc34d18469633d3b3d35db78b  xsa45-4.2-06-unpin-preemptible.patch
7fca1b6025d6ac1a444333b2fe1381af093ca601ac8045f68a29c2a83d520e48  xsa45-4.2-07-mm-error-paths-preemptible.patch
530671cc49c2c932ddf63f02500a918a96e4b771d2faf34ef08ca7370cda5b0e  xsa45-unstable-01-vcpu-destroy-pagetables-preemptible.patch
5938d69fbf4c69d598c073e942da5738790609d1b44fe2cb659fcc51d38b7b3d  xsa45-unstable-02-new-guest-cr3-preemptible.patch
42c218484f38655d7b2fae0ecaac8178c0b1599a6b816512137d1ba50226b142  xsa45-unstable-03-new-user-base-preemptible.patch
5b3bf55c9f8137f20c192c9961031064d960599526c8617eb348394ee4af2f66  xsa45-unstable-04-vcpu-reset-preemptible.patch
95616fb041f79a0f9e792e613d8fd8c1d254d0875e32f78b9a98cebd2a28a870  xsa45-unstable-05-set-info-guest-preemptible.patch
1bcf73a162605efca8ba1422dd40e431cc5f667d97418c735eb5f9230fadef95  xsa45-unstable-06-unpin-preemptible.patch
ce3c0f2b767553103d5afa70148b527dbe8f2320b19733f4474da2835813b16f  xsa45-unstable-07-mm-error-paths-preemptible.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

-----END PGP SIGNATURE-----
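
The Issue Description above contrasts page table work done "in a single step" with preemptible operations. The following toy model in C is an added illustration of that difference, not code from the XSA-45 patches or from Xen: each table records how far validation has got, so a call that exhausts its work budget returns early and the next call resumes instead of restarting. The names (`struct table`, `validate`, `calls_needed`, `RC_PREEMPT`), the 4-entry fan-out and the 3-level tree are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define ENTRIES 4                        /* toy fan-out; x86-64 tables hold 512 */
#define INNER   (1 + ENTRIES)            /* root plus second level */
#define TABLES  (INNER + ENTRIES * ENTRIES)
enum { RC_DONE, RC_PREEMPT };            /* RC_PREEMPT models "call me again" */

struct table {
    struct table *child[ENTRIES];        /* NULL = not-present entry */
    unsigned next;                       /* first entry not yet validated */
};
static struct table pool[TABLES];        /* constructed sample tree */

/* Validate t and every table below it, checking at most *budget entries.
 * Progress is kept in each table, so a preempted call resumes where it left. */
static int validate(struct table *t, unsigned *budget)
{
    while (t->next < ENTRIES) {
        struct table *c = t->child[t->next];
        if (c && validate(c, budget) == RC_PREEMPT)
            return RC_PREEMPT;           /* child recorded where it stopped */
        if (*budget == 0)
            return RC_PREEMPT;           /* preemption point */
        --*budget;                       /* one entry checked */
        t->next++;
    }
    return RC_DONE;
}

/* Invocations needed to validate the whole tree; budget_per_call must be > 0. */
static unsigned calls_needed(unsigned budget_per_call)
{
    unsigned calls = 0, budget;
    memset(pool, 0, sizeof pool);
    for (unsigned i = 0; i < INNER; i++)         /* link 1 + 4 + 16 tables */
        for (unsigned j = 0; j < ENTRIES; j++)
            pool[i].child[j] = &pool[ENTRIES * i + 1 + j];
    do {
        budget = budget_per_call;                /* fresh budget per invocation */
        calls++;
    } while (validate(&pool[0], &budget) == RC_PREEMPT);
    return calls;
}

int main(void)
{
    printf("budget 8: %u calls\n", calls_needed(8));
    printf("no limit: %u call\n", calls_needed(~0u));
    return 0;
}
```

With no limit the whole tree is walked in one uninterruptible call; with a budget the same 84 entry checks are spread over several short calls, which bounds how long any single invocation can run.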


Xenproject.org Security Team