From: Andrew Cooper <andrew.cooper3@citrix.com>
To: xen-devel@lists.xen.org
Subject: Re: Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability
Date: Wed, 5 Sep 2012 10:52:11 +0100
Message-ID: <504720CB.8060906@citrix.com>
In-Reply-To: <4cb9d7f220dd459c1554c6b5d9e2ed73@abpni.co.uk>
On 05/09/12 10:49, Jonathan Tripathy wrote:
> Is Xen 3.4.x vulnerable?
>
> Thanks
Yes - Vulnerable (tested and fixed) all the way back as far as Xen-3.2
(which is the earliest version that XenServer still creates security
fixes for)
~Andrew
>
> On 05.09.2012 10:38, Xen.org security team wrote:
> Xen Security Advisory CVE-2012-3494 / XSA-12
> version 3
>
> hypercall set_debugreg vulnerability
>
> UPDATES IN VERSION 3
> ====================
>
> Public release.
>
> ISSUE DESCRIPTION
> =================
>
> set_debugreg allows writes to reserved bits of the DR7 debug control
> register on x86-64.
>
> IMPACT
> ======
>
> A malicious guest can cause the host to crash, leading to a DoS.
>
> If the vulnerable hypervisor is run on future hardware, the impact of
> the vulnerability might be widened depending on the future assignment
> of the currently-reserved debug register bits.
>
> VULNERABLE SYSTEMS
> ==================
>
> All systems running 64-bit paravirtualised guests.
>
> The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2
> RCs, and xen-unstable.hg are all vulnerable.
>
> MITIGATION
> ==========
>
> This issue can be mitigated by ensuring (inside the guest) that the
> kernel is trustworthy, or by running only 32-bit or HVM guests.
>
> RESOLUTION
> ==========
>
> Applying the appropriate attached patch will resolve the issue.
>
> PATCH INFORMATION
> =================
>
> The attached patch resolves this issue:
>
> Xen unstable, 4.1 and 4.0 xsa12-all.patch
>
> $ sha256sum xsa12-all.patch
> 2415ee133e28b1c848c5ae3ce766cc2a67009bad8d026879030a6511b85dbc13  xsa12-all.patch
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
--
Andrew Cooper - Dom0 Kernel Engineer, Citrix XenServer
T: +44 (0)1223 225 900, http://www.citrix.com
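
An added example, not part of this thread and not the contents of xsa12-all.patch: a sketch in C of how a hypervisor-side handler can validate a guest-supplied DR7 value before it reaches the real register. The macro and function names are hypothetical, the sample values are constructed, and the reserved-bit layout is assumed from the x86 architecture manuals as it stood at the time of the advisory, not taken from the Xen patch.

```c
#include <inttypes.h>
#include <stdio.h>

/* Assumed DR7 layout (architecture manuals, 2012 era); names are this
 * example's own, not Xen's. */
#define DR7_RESERVED_ONE   (UINT64_C(1) << 10)   /* always reads as 1 */
#define DR7_RESERVED_ZERO  ((UINT64_C(1) << 11) | (UINT64_C(1) << 12) | \
                            (UINT64_C(1) << 14) | (UINT64_C(1) << 15))
#define DR7_UPPER_RESERVED UINT64_C(0xffffffff00000000)  /* bits 63:32 */

enum dr7_status { DR7_OK = 0, DR7_REJECT_UPPER = -1 };

/* Mask of reserved bits the caller tried to set; useful for logging. */
uint64_t dr7_reserved_violations(uint64_t guest)
{
    return guest & (DR7_UPPER_RESERVED | DR7_RESERVED_ZERO);
}

/* Validate an untrusted DR7 value. In 64-bit mode, writing 1 to any of
 * bits 63:32 of DR7 raises #GP, so such values are refused outright
 * instead of being loaded. The remaining reserved bits are forced to
 * their architectural values. On success *out is safe to load. */
int dr7_sanitize(uint64_t guest, uint64_t *out)
{
    if (guest & DR7_UPPER_RESERVED)
        return DR7_REJECT_UPPER;
    *out = (guest & ~DR7_RESERVED_ZERO) | DR7_RESERVED_ONE;
    return DR7_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const uint64_t samples[] = {
        UINT64_C(0x00000000000f0003),  /* breakpoint 0 enabled, clean   */
        UINT64_C(0x000000000000d801),  /* low reserved-zero bits set    */
        UINT64_C(0x0000000100000401),  /* a bit in 63:32 set            */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t out = 0;
        int rc = dr7_sanitize(samples[i], &out);
        printf("in=%#018" PRIx64 " rc=%d out=%#018" PRIx64
               " violations=%#018" PRIx64 "\n",
               samples[i], rc, out, dr7_reserved_violations(samples[i]));
    }
    return 0;
}
```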