Information

Advisory XSA-12
Public release 2012-09-05 07:38
Updated 2012-09-05 07:38
Version 3
CVE(s) CVE-2012-3494
Title hypercall set_debugreg vulnerability

Files

advisory-12.txt (signed advisory file)
xsa12-all.patch

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2012-3494 / XSA-12
                             version 3

	      hypercall set_debugreg vulnerability

UPDATES IN VERSION 3
====================

Public release.

Update version tag format.

ISSUE DESCRIPTION
=================

set_debugreg allows writes to reserved bits of the DR7 debug control
register on x86-64.

IMPACT
======

A malicious guest can cause the host to crash, leading to a DoS.

If the vulnerable hypervisor is run on future hardware, the impact of
the vulnerability might be widened depending on the future assignment
of the currently-reserved debug register bits.

VULNERABLE SYSTEMS
==================

All systems running 64-bit paravirtualised guests.

The vulnerability dates back to at least Xen 4.0.  4.0, 4.1, the 4.2
RCs, and xen-unstable.hg are all vulnerable.

MITIGATION
==========

This issue can be mitigated by ensuring (inside the guest) that the
kernel is trustworthy, or by running only 32-bit or HVM guests.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

PATCH INFORMATION
=================

The attached patch resolves this issue:

xsa12-all.patch  Xen unstable, 4.1 and 4.0

$ sha256sum xsa12-all.patch
2415ee133e28b1c848c5ae3ce766cc2a67009bad8d026879030a6511b85dbc13  xsa12-all.patch
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


Xenproject.org Security Team
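
The ISSUE DESCRIPTION and IMPACT sections above concern reserved DR7 bits reaching the hardware. The following added example, which is not part of the advisory and not code from xsa12-all.patch, sketches a validator for a guest-requested DR7 value. It assumes the DR7 bit layout documented in the Intel SDM; the names dr7_validate and dr7_reserved_violations, the policy of refusing GD, and the sample values are hypothetical. The mask is built as an allow-list, so bits that are reserved today stay rejected if later hardware assigns them a meaning.

```c
#include <stdint.h>
#include <stdio.h>

/* Allow-list of DR7 bits a guest may set, following the Intel SDM layout
 * (an assumption of this example, not a value taken from xsa12-all.patch):
 * bits 0-9 enables, bit 10 reads as 1, bit 13 GD, bits 16-31 R/W and LEN. */
#define DR7_DEFINED_BITS   UINT64_C(0xffff27ff)
#define DR7_RESERVED_ZERO  (~DR7_DEFINED_BITS)   /* 64-bit wide: covers bits 32-63 */
#define DR7_RESERVED_ONE   (UINT64_C(1) << 10)
#define DR7_GENERAL_DETECT (UINT64_C(1) << 13)

enum dr7_verdict { DR7_OK = 0, DR7_ERR_RESERVED = -1, DR7_ERR_PRIVILEGED = -2 };

/* Returns the reserved bits set in a requested value (0 when clean), for logging. */
uint64_t dr7_reserved_violations(uint64_t requested)
{
    return requested & DR7_RESERVED_ZERO;
}

/* Validates a guest-requested DR7 value; on success stores the value that may
 * be loaded in *out. Nothing is written to *out on failure. */
enum dr7_verdict dr7_validate(uint64_t requested, uint64_t *out)
{
    if (dr7_reserved_violations(requested))
        return DR7_ERR_RESERVED;
    if (requested & DR7_GENERAL_DETECT)   /* policy of this example: refuse GD */
        return DR7_ERR_PRIVILEGED;
    *out = requested | DR7_RESERVED_ONE;  /* force the bit that always reads as 1 */
    return DR7_OK;
}

int main(void)
{
    /* Constructed sample requests, not taken from any real guest. */
    const uint64_t samples[] = {
        UINT64_C(0x0000000000000001),   /* L0 enable only */
        UINT64_C(0x00000000000f0003),   /* L0|G0 with R/W0 and LEN0 set */
        UINT64_C(0x0000000000000800),   /* bit 11, reserved in this layout */
        UINT64_C(0x0000000100000001),   /* bit 32 set on top of a valid value */
        UINT64_C(0x0000000000002001),   /* GD requested */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t safe = 0;
        enum dr7_verdict v = dr7_validate(samples[i], &safe);
        printf("%#018llx -> verdict %d, load %#llx\n",
               (unsigned long long)samples[i], v, (unsigned long long)safe);
    }
    return 0;
}
```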