Xen "xen_failsafe_callback()" IRET Handling Denial

by Carol~ Moderator - 1/16/13 1:29 PM

In Reply to: VULNERABILITIES / FIXES - January 16, 2013 by Carol~ Moderator

Xen "xen_failsafe_callback()" IRET Handling Denial of Service Weakness

Release Date : 2013-01-16

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Workaround

Software: Xen 3.x
Xen 4.x

Description:
A weakness has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The weakness is caused due to an error within "xen_failsafe_callback()" when handling a failed IRET (Interrupt Return) and can be exploited to cause a crash.

Successful exploitation requires that a ParaVirtual OPerationS (PVOPS) guest is used.

Solution:
Apply patch.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
XSA-40:
http://www.openwall.com/lists/oss-security/2013/01/16/6

http://secunia.com/advisories/51834/