Information

Files

Advisory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

             Xen Security Advisory CVE-2013-0190 / XSA-40
                               version 2

 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.

UPDATES IN VERSION 2
====================

Normalize version tags

ISSUE DESCRIPTION
=================

xen_failsafe_callback incorrectly sets up its stack if an iret fault is
injected by the hypervisor.

IMPACT
======

Malicious or buggy unprivileged userspace can cause the guest kernel to
crash, or operate erroneously.

VULNERABLE SYSTEMS
==================

All 32bit PVOPS versions of Linux are affected, since the introduction
of Xen PVOPS support in 2.6.23.  Classic-Xen kernels are not vulnerable.

MITIGATION
==========

This can be mitigated by not running 32bit PVOPS Linux guests.

32bit classic-Xen guests, all 64bit PV guests and all HVM guests are
unaffected.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa40.patch  Linux

$ sha256sum xsa40*.patch
b6aa67b4605f6088f757ca28093d265c71e456906619d81d129bf656944ed721  xsa40.patch
$
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmV8b+cMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZ8+AH/A/p6PbxIMKcrs2uuqPiYGtvyOulY0+JeOVZmWAA
APiFsbAHUAAV2+re+pSre2crn9ajNZ3cuAv/ZIMm+ID8NLspn9HlhVl7cBnPOBUX
RWaQ1gZFhnTWjTyLGr5g+SWFEwJzbRiN3dNb8ySsL3XzYOc0nG5lwRNNsxy0uvus
fFvlQ0qlGZ9zXCp9xKTYC9wdYZYLEnvVc16PW/75susDj9q0EvnJuklo1LZp9wdw
HP/gG7GzVzkw8ybR5wXCMqLHdKqHa7Np6tP4/ITers2nwPQEE4UE3/YK/eEj9yF7
OyWu4JaLtkDs3j2q7zw/Ut6yf9Eia0bRA/rEvC3cKR6eE1k=
=bM20
-----END PGP SIGNATURE-----