Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2012-3496: xen: XENMEM_populate_physmap DoS vulnerability (XSA-14) | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Matthias Weckbecker <mweckbecker> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | carnold, jbeulich, jdouglas, security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | maint:released:sle11-sp1:48942 maint:released:sle11-sp2:48940 maint:released:sle11-sp1:48941 maint:running:48833:important | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Matthias Weckbecker
2012-08-23 09:23:06 UTC
Created attachment 503225 -- xsa14-unstable.patch

Created attachment 503226 -- xsa14-xen-3.4-and-4.x.patch

Original advisory (unmodified):

--------------------------------------------------------------------------

Xen Security Advisory CVE-2012-3496 / XSA-14

XENMEM_populate_physmap DoS vulnerability

*** EMBARGOED UNTIL Wednesday 2012-09-05 12:00:00 UTC ***

ISSUE DESCRIPTION
=================

XENMEM_populate_physmap can be called with invalid flags. By calling it with MEMF_populate_on_demand flag set, a BUG can be triggered if a translating paging mode is not being used.

IMPACT
======

A malicious guest kernel can crash the host.

VULNERABLE SYSTEMS
==================

All Xen systems running PV guests. Systems running only HVM guests are not vulnerable.

The vulnerability dates back to at least Xen 4.0. 4.0, 4.1, the 4.2 RCs, and xen-unstable.hg are all vulnerable.

MITIGATION
==========

This issue can be mitigated by ensuring that the guest kernel is trustworthy or by running only HVM guests.

RESOLUTION
==========

Applying the appropriate attached patch will resolve the issue.

PATCH INFORMATION
=================

The attached patches resolve this issue

xen-unstable: xsa14-unstable.patch

Xen 4.1, 4.1.x, 4.0, 4.0.x, 3.4 and 3.4.x: xsa14-xen-3.4-and-4.x.patch

$ sha256sum xsa14-*.patch

7a2e119b114708420c3484ecc338c7a198097f40e0d38854756dfa69c4c859a8 xsa14-unstable.patch

41a1ee1da7e990dc93b75fad0d46b66a2bda472e9aa288c91d1dc5d15d2c2012 xsa14-xen-3.4-and-4.x.patch

--------------------------------------------------------------------------

The SWAMPID for this issue is 48833. This issue was rated as important. Please submit fixed packages until 2012-08-30. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.

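The failure mode in the advisory's issue description, as an added example that is not part of the bug report, the advisory, or the attached patches: a simplified model of a hypercall handler that treats a guest-chosen flag as an invariant, next to one that validates it and returns an error. All `model_`/`MODEL_` names, the bit values and the two handler functions are assumptions made for this sketch and are not Xen code.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed bit values for this model; they are not Xen's real assignments. */
#define MODEL_MEMF_populate_on_demand (1u << 0)
#define MODEL_MEMF_KNOWN              MODEL_MEMF_populate_on_demand

struct model_domain { bool translated; };        /* false = PV, true = HVM-style */
struct model_result { int rc; bool host_up; };   /* guest's return code, host state */

/* Before: the populate-on-demand path treats "domain is translated" as an
 * invariant, although the guest chooses the flag. host_up = false stands in
 * for the hypervisor hitting BUG(). */
static struct model_result populate_asserting(const struct model_domain *d,
                                              unsigned int memflags)
{
    struct model_result r = { 0, true };
    if ((memflags & MODEL_MEMF_populate_on_demand) && !d->translated)
        r.host_up = false;
    return r;
}

/* After: anything a guest can supply is validated and refused with an error
 * code, so the worst outcome is a failed hypercall for that guest. */
static struct model_result populate_validating(const struct model_domain *d,
                                               unsigned int memflags)
{
    struct model_result r = { 0, true };
    if (memflags & ~MODEL_MEMF_KNOWN)
        r.rc = -EINVAL;                       /* unknown flag bits */
    else if ((memflags & MODEL_MEMF_populate_on_demand) && !d->translated)
        r.rc = -EINVAL;                       /* flag needs a translating mode */
    return r;
}

int main(void)
{
    const struct model_domain pv = { false }, hvm = { true };
    struct model_result a = populate_asserting(&pv, MODEL_MEMF_populate_on_demand);
    struct model_result b = populate_validating(&pv, MODEL_MEMF_populate_on_demand);
    struct model_result c = populate_validating(&hvm, MODEL_MEMF_populate_on_demand);
    printf("asserting,  PV : rc=%d host_up=%d\n", a.rc, a.host_up);
    printf("validating, PV : rc=%d host_up=%d\n", b.rc, b.host_up);
    printf("validating, HVM: rc=%d host_up=%d\n", c.rc, c.host_up);
    return 0;
}
```
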
Packages have been submitted with the following submit requests:

SLE11-SP2: 21570 (xen), 21571 (vm-install)

SLE11-SP1: 21572 (xen)

public via oss-sec

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-trace, xen-libs, xen-tools, xen-tools-domU

Products: SLE-SERVER 11-SP1-TERADATA (x86_64)

Update released for: vm-install, xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-default, xen-kmp-trace, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU

Products: SLE-DEBUGINFO 11-SP2 (x86_64) SLE-DESKTOP 11-SP2 (x86_64) SLE-SDK 11-SP2 (x86_64) SLE-SERVER 11-SP2 (x86_64) SLES4VMWARE 11-SP2 (x86_64)

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-tools, xen-tools-domU

Products: SLE-DEBUGINFO 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1-LTSS (i386, x86_64)

released

openSUSE-SU-2012:1172-1: An update that solves 8 vulnerabilities and has three fixes is now available.

Category: security (important)

Bug References: 762484,766283,767273,773393,773401,776995,777084,777086,777088,777090,777091

CVE References: CVE-2012-2625,CVE-2012-3432,CVE-2012-3433,CVE-2012-3494,CVE-2012-3495,CVE-2012-3496,CVE-2012-3498,CVE-2012-3515

Sources used: openSUSE 12.1 (src): xen-4.1.3_01-1.13.1

openSUSE-SU-2012:1174-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)

Bug References: 744771,762484,773393,773401,776995,777084,777090,777091

CVE References: CVE-2012-2625,CVE-2012-3432,CVE-2012-3433,CVE-2012-3494,CVE-2012-3496,CVE-2012-3515

Sources used: openSUSE 11.4 (src): xen-4.0.3_04-45.1

openSUSE-SU-2012:1176-1: An update that solves 8 vulnerabilities and has four fixes is now available.

Category: security (low)

Bug References: 762484,766283,766284,767273,773393,773401,776995,777084,777086,777088,777090,777091

CVE References: CVE-2012-2625,CVE-2012-3432,CVE-2012-3433,CVE-2012-3494,CVE-2012-3495,CVE-2012-3496,CVE-2012-3498,CVE-2012-3515

Sources used: openSUSE 12.2 (src): xen-4.1.3_01-5.6.2

openSUSE-SU-2012:1572-1: An update that solves 16 vulnerabilities and has one errata is now available.

Category: security (important)

Bug References: 764077,771099,776755,776995,777086,777090,777091,777890,778105,779212,784087,786516,786517,786518,786519,786520,787163

CVE References: CVE-2007-0998,CVE-2012-2625,CVE-2012-2934,CVE-2012-3494,CVE-2012-3495,CVE-2012-3496,CVE-2012-3497,CVE-2012-3498,CVE-2012-3515,CVE-2012-4411,CVE-2012-4535,CVE-2012-4536,CVE-2012-4537,CVE-2012-4538,CVE-2012-4539,CVE-2012-4544

Sources used: openSUSE 12.1 (src): xen-4.1.3_04-1.21.1

openSUSE-SU-2012:1573-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)

Bug References: 764077,771099,776755,777086,777090,777091,777890,778105,779212,784087,786516,786517,786518,786519,786520,787163

CVE References: CVE-2007-0998,CVE-2012-2625,CVE-2012-2934,CVE-2012-3494,CVE-2012-3495,CVE-2012-3496,CVE-2012-3497,CVE-2012-3498,CVE-2012-3515,CVE-2012-4411,CVE-2012-4535,CVE-2012-4536,CVE-2012-4537,CVE-2012-4538,CVE-2012-4539,CVE-2012-4544

Sources used: openSUSE 12.2 (src): xen-4.1.3_04-5.13.1