Xen Multiple Denial of Service Vulnerabilities

by Carol~ Moderator - 11/13/12 11:39 AM

In Reply to: VULNERABILITIES / FIXES - November 13, 2012 by Carol~ Moderator

Release Date : 2012-11-13

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status: Vendor Patch

Software: Xen 3.x
Xen 4.x

Description:Multiple vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

1) An error when handling the VCPU deadline can be exploited to trigger an infinite loop and cause a crash.

2) An out-of-bounds read error within the "domain_pirq_to_emuirq()" function when handling pirq values can be exploited to cause a crash.

3) An error when handling "set_p2m_entry()" call fails exhausts memory reserved for the p2m table and can be exploited to trigger an exception and cause a crash.

4) An error when handling the "HVMOP_pagetable_dying()" hypercall can be exploited to cause a crash.

5) An error within the "GNTTABOP_get_status_frames()" function can be exploited to trigger an infinite loop and cause a crash.

Please see the vendor's advisory for a list of affected versions.

Solution:
Apply patches (please see the vendor's advisory for more information).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Xen (XSA-20, XSA-21, XSA-22, XSA-23, XSA-24):
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html

http://secunia.com/advisories/51200/