|Public release ||2013-11-01 15:07|
|Updated ||2013-11-04 13:15|
|Title ||Lock order reversal between page allocation and grant table locks|
Filesadvisory-73.txt (signed advisory file)
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory CVE-2013-4494 / XSA-73
Lock order reversal between page allocation and grant table locks
UPDATES IN VERSION 3
The issue has been assigned CVE-2013-4494.
NOTE REGARDING LACK OF EMBARGO
While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.
The locks page_alloc_lock and grant_table.lock are not always taken in
the same order. This opens the possibility of deadlock.
A malicious guest administrator can deny service to the entire host.
Xen versions going back to at least Xen 3.2 are vulnerable.
To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.
There is no practical mitigation for this issue.
This issue was discovered by Coverity Scan and diagnosed by Andrew
Applying the appropriate attached patch resolves this issue.
xsa73-4.3-unstable.patch Xen 4.3.x, xen-unstable
xsa73-4.2.patch Xen 4.2.x
xsa73-4.1.patch Xen 4.1.x
$ sha256sum xsa73*.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
Xenproject.org Security Team