Information
| Advisory | XSA-39 |
|---|
| Public release | 2013-02-05 12:00 |
|---|
| Updated | 2023-12-15 15:35 |
|---|
| Version | 3 |
|---|
| CVE(s) | CVE-2013-0216 CVE-2013-0217 |
|---|
| Title | Linux netback DoS via malicious guest ring. |
|---|
Files
advisory-39.txt (signed advisory file)
xsa39-classic-0001-xen-netback-garbage-ring.patch
xsa39-classic-0002-xen-netback-wrap-around.patch
xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
Advisory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Xen Security Advisory CVE-2013-0216,CVE-2013-0217 / XSA-39
version 3
Linux netback DoS via malicious guest ring.
UPDATES IN VERSION 3
====================
Normalize version tags
ISSUE DESCRIPTION
=================
The Xen netback implementation contains a couple of flaws which can
allow a guest to cause a DoS in the backend domain, potentially
affecting other domains in the system.
CVE-2013-0216 is a failure to sanity check the ring producer/consumer
pointers which can allow a guest to cause netback to loop for an
extended period preventing other work from occurring.
CVE-2013-0217 is a memory leak on an error path which is guest
triggerable.
IMPACT
======
A malicious guest can mount a DoS affecting the entire system.
VULNERABLE SYSTEMS
==================
All systems running guests with access to PV network devices are
vulnerable.
CVE-2013-0216 affects both mainline ("pvops") and classic-Xen patch
kernels.
CVE-2013-0217 affects only mainline ("pvops") kernels.
MITIGATION
==========
Running HVM guests with only emulated or passthrough NICs or PV guests
with only passthrough NICs will avoid this vulnerability.
RESOLUTION
==========
Applying the appropriate attached patches in sequence resolves this issue.
xsa39-pvops-*.patch Linux 3.8-rc2
xsa39-classic-*.patch linux-2.6.18-xen
All patches for the given branch should be applied in numerical order.
$ sha256sum xsa39*.patch
4b75961673b940f5eb31451080dd668b9119eb88db1df44db1a3ba4b0d037ce1 xsa39-classic-0001-xen-netback-garbage-ring.patch
096143750b99eb2d88970338c3f9debfbbfdaef766525a620281b28528ebe0ce xsa39-classic-0002-xen-netback-wrap-around.patch
99cf93e37985908243b974cc726f57e592e62ae005eca52969f11fb6fdea6fb5 xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
e0c4226b0910ca455f22ae117e8346d87053e9faf03ec155dd6c31e2f58a1969 xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
70e6cb644a57cdda7f29eb86086a8e697706c3fc974a44c52322e451fd6b9d5c xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
5d0db59bbd5ad3a7efae78a6c26fc2491b7c553e5519dd946d1422a116af73dd xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
$
-----BEGIN PGP SIGNATURE-----
iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmV8b+cMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZgi8H/jofpbwbSfcMW+9QyZ4v//O6wfQBXi+yZC9PWssp
43UCmDyy1OIM7iDpLn5sV7Kf2omoPeDxVh9BphdD2wB/O3B8r2mJTwKGANpA8BVH
yI57f1OjL/JdDd+K+u+huuZ3wSKHFdw8Z9PPny7Ann4EXT8B4SUidvAQgnrTQ/Z9
xbJph5mgViglbteEHSN49z91QRI/Fwu8ONTT9f1921ELCrtklxnbMYhEPtOd7uvO
5KuH+yFOsYwseRj5gE5BPnTFK0OhN7SZuT7sN/CzfFfVJaWqGLv2R80QndoQi+4V
/mSj2M/yRGcwUO/orNMCxjJp7XN78zTuKxKkdVoagqxCxE0=
=zzLg
-----END PGP SIGNATURE-----
Xenproject.org Security Team