Information
| Advisory | XSA-73 |
|---|
| Public release | 2013-11-01 15:07 |
|---|
| Updated | 2013-11-04 13:15 |
|---|
| Version | 3 |
|---|
| CVE(s) | CVE-2013-4494 |
|---|
| Title | Lock order reversal between page allocation and grant table locks |
|---|
Files
advisory-73.txt (signed advisory file)
xsa73-4.1.patch
xsa73-4.2.patch
xsa73-4.3-unstable.patch
Advisory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2013-4494 / XSA-73
version 3
Lock order reversal between page allocation and grant table locks
UPDATES IN VERSION 3
====================
The issue has been assigned CVE-2013-4494.
NOTE REGARDING LACK OF EMBARGO
==============================
While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.
ISSUE DESCRIPTION
=================
The locks page_alloc_lock and grant_table.lock are not always taken in
the same order. This opens the possibility of deadlock.
IMPACT
======
A malicious guest administrator can deny service to the entire host.
VULNERABLE SYSTEMS
==================
Xen versions going back to at least Xen 3.2 are vulnerable.
To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.
MITIGATION
==========
There is no practical mitigation for this issue.
CREDITS
=======
This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa73-4.3-unstable.patch Xen 4.3.x, xen-unstable
xsa73-4.2.patch Xen 4.2.x
xsa73-4.1.patch Xen 4.1.x
$ sha256sum xsa73*.patch
519eb1d2815c41d73c775324f43d1a7d75615775194bd0f6584147b45d04250b xsa73-4.1.patch
9eab1db170dc13bdd4da76bc2184399f705d124acd14b364428f012ea5c3a281 xsa73-4.2.patch
1c070e66d1bea3c109f22ea4db2e8828f0f4b016d51d6d88667b775eec340514 xsa73-4.3-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJSd53SAAoJEIP+FMlX6CvZAMgH/1JgLDhHB5A7w0iVJbHSv4ff
9oxmch/DfMFj1A+Cuhq5YU25I19ocSiqiEU4n7IuADCH4UCetH6UMXqRQ7qj/HPq
RZTGxmPkBNkIVkZd9IqRZEoWy4ENDhdDOa8ViNLqXCTCra0swfeTAav+BtTanpFQ
jca18Ry0o4qo9A/ZNZniAgMV1OXxZkETRm6jVc7tCNzx0daPyAo4xesUDLNJ/EcW
yYv7pIRY1Ct7X5CD3carkRBm0k3PmZ0IClZf5aBWKV8PE95oOk/m8HBIPFGvBp7o
cPBHt7Nra2pWDG76Vtzg0QZuV9XPwaRtPk4U4w9s9K4BpRwDza8mXCBgaRLX9aU=
=RphO
-----END PGP SIGNATURE-----
Xenproject.org Security Team