Information
| Advisory | XSA-10 |
|---|
| Public release | 2012-07-26 15:21 |
|---|
| Updated | 2012-07-27 14:34 |
|---|
| Version | 2 |
|---|
| CVE(s) | CVE-2012-3432 |
|---|
| Title | HVM guest user mode MMIO emulation DoS vulnerability |
|---|
Files
advisory-10.txt (signed advisory file)
xsa10-4.x.patch
xsa10-unstable.patch
Advisory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2012-3432 / XSA-10
version 2
HVM guest user mode MMIO emulation DoS vulnerability
UPDATES IN VERSION 2
====================
CVE candidate number assigned.
Xen versions 3.2 and earlier are not, in fact, vulnerable; they have
an entirely different emulation mechanism.
ISSUE DESCRIPTION
=================
Internal data of the emulator for MMIO operations may, under
certain rare conditions, at the end of one emulation cycle be left
in a state affecting a subsequent emulation such that this second
emulation would fail, causing an exception to be reported to the
guest kernel where none is expected.
IMPACT
======
Guest mode unprivileged (user) code, which has been granted
the privilege to access MMIO regions, may leverage that access
to crash the whole guest.
VULNERABLE SYSTEMS
==================
All HVM guests exposing MMIO ranges to unprivileged (user) mode.
Xen versions 3.3 and later are vulnerable to this issue.
MITIGATION
==========
This issue can be mitigated by running PV (para-virtualised)
guests only, or by ensuring (inside the guest) that MMIO regions
can be accessed only by trustworthy processes.
RESOLUTION
==========
Applying the appropriate attached patch will resolve the issue.
PATCH INFORMATION
=================
The attached patches resolve this issue
$ sha256sum xsa10-*.patch
f96b7849194901d7f663895f88c2ca4f4721559f1c1fe13bba515336437ab912 xsa10-4.x.patch
fb9dead017dfea99ad3e8d928582e67160c76518b7fe207d9a3324811baf06dd xsa10-unstable.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJQEqbqAAoJEIP+FMlX6CvZEhIIALkIViTZtEbQ6nWy3Y1U/sm5
BDZUPOeqF5KFV9EXQJcoKM1PGBMBgzeqA4n024k6o9mDimn0PVujSJC+2iX728Sz
WW/k5y96q2ixzTmaU0y8X5p6pl+nbCNMQ8In7WysB2XetGHY+b5b80uIVH1Sj1IS
QxrMO2HywQSUDNNQq3bD2jQjuIgewh7rMskxXiPWnlPg7MHx4D/jt/O4sP0bnZn2
kvFad8TV9aB3I1dwdI2YJ3Ng3W162Tai6i2lJB1OQUJt0sIARXeXZYVOrkkAY5Tv
SjNCCra0NZoaLjOlY0CWwqluPegJAnq1iFb5cF86nwZcoMCIh9OL+0SLyIJEAvg=
=sOWo
-----END PGP SIGNATURE-----
Xenproject.org Security Team