Xen Security Advisory CVE-2013-1918 / XSA-45
version 2

Several long latency operations are not preemptible

UPDATES IN VERSION 2
====================

Patches for xen-unstable refreshed to apply on top of xen.git#staging
commit 9626d1c1.

Public release.

ISSUE DESCRIPTION
=================

Page table manipulation operations for PV guests can take significant
amounts of time, as they require all present branches to have their
type (and thus contents) verified. While the most frequently used
operations had been made preemptible in the past, some code paths
involving potentially deep page table traversal were still trying to
do their entire work in a single step.

IMPACT
======

Malicious or buggy PV guest kernels can mount a denial of service
attack affecting the whole system.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

The vulnerability is only exposed by PV guests.

MITIGATION
==========

Running only HVM guests, or PV guests with trusted kernels, will avoid
this vulnerability.

RESOLUTION
==========

Applying the appropriate attached patch series resolves this issue.

xsa45-4.1-*.patch             Xen 4.1.x
xsa45-4.2-*.patch             Xen 4.2.x
xsa45-unstable-*.patch        xen-unstable

$ sha256sum xsa45*.patch
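The difference between doing a deep page table traversal "in a single step" and doing it preemptibly, as a simplified model (an added example, not code from the Xen patches): validation stops after a fixed budget of slots, records its progress in each table, and is re-issued by the caller until it completes. The `struct table` layout, `E_RESTART`, the budget mechanism and the constructed three-level tree are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ENTRIES   4     /* slots per table (toy value) */
#define E_RESTART (-1)  /* hypothetical "preempted, call again" code */

struct table {
    struct table *child[ENTRIES]; /* NULL = slot not present */
    int next;                     /* first slot not yet validated */
};
static struct table pool[1 + ENTRIES + ENTRIES * ENTRIES];

/* Validate t and everything below it; stops at the first slot boundary
 * after *budget slots are done. Progress lives in the tables, so a later
 * call resumes where this one stopped instead of starting over. */
static int validate(struct table *t, int *budget) {
    while (t->next < ENTRIES) {
        if (*budget <= 0)
            return E_RESTART;            /* preemption point */
        struct table *c = t->child[t->next];
        if (c && validate(c, budget) == E_RESTART)
            return E_RESTART;            /* slot unfinished: keep t->next */
        t->next++;
        --*budget;
    }
    return 0;
}

/* Constructed input: a full three-level tree in pool[]; pool[0] is the root. */
static struct table *build_tree(void) {
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < 1 + ENTRIES; i++)       /* root and mid-level tables */
        for (int s = 0; s < ENTRIES; s++)
            pool[i].child[s] = &pool[1 + i * ENTRIES + s];
    return &pool[0];
}

/* Caller model: re-issue until done; other work can run between calls. */
static int run_to_completion(struct table *root, int budget_per_call) {
    int calls = 0, budget;
    do {
        budget = budget_per_call;
        calls++;
    } while (validate(root, &budget) == E_RESTART);
    return calls;
}

int main(void) {
    printf("single step: %d call\n", run_to_completion(build_tree(), 1000));
    printf("budget 10:   %d calls\n", run_to_completion(build_tree(), 10));
    return 0;
}
```

With a large budget the whole tree is walked in one uninterruptible call, which is the behaviour the advisory describes; with a small budget the same work is split into bounded pieces.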