[kernel-xen] Xen Security Advisory 73 - Lock order reversal between page allocation and grant table locks

Steven Haigh netwiz at crc.id.au
Sun Nov 3 15:09:14 EST 2013


                    Xen Security Advisory XSA-73
                              version 2

    Lock order reversal between page allocation and grant table locks

UPDATES IN VERSION 2
====================

Corrected typo in xsa73-4.1.patch. The other patches were already
correct.

NOTE REGARDING LACK OF EMBARGO
==============================

While the response to this issue was being prepared by the security
team, the bug was independently discovered by a third party who
publicly disclosed it without realising the security impact.

ISSUE DESCRIPTION
=================

The locks page_alloc_lock and grant_table.lock are not always taken in
the same order.  This opens the possibility of deadlock.

IMPACT
======

A malicious guest administrator can deny service to the entire host.

VULNERABLE SYSTEMS
==================

Xen versions going back to at least Xen 3.2 are vulnerable.

To exploit the vulnerability, the attacker must have control of more
than one vcpu, either by controlling a malicious multi-vcpu guest, or
by controlling more than one guest.

MITIGATION
==========

There is no practical mitigation for this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper.

RESOLUTION
==========

Fixed in xen-4.2.3-8
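
The lock order reversal described under ISSUE DESCRIPTION, as an added example (not part of the advisory and not Xen code): a small lock-order validator in C that records which lock is taken while another is held and flags a later path that takes them the other way round, without having to hit the deadlock. The lock class names are stand-ins for the two locks named in the advisory; all function names are hypothetical.

```c
#include <stdbool.h>
#include <string.h>

#define MAX_LOCKS 8

/* Stand-in lock classes named after the two locks in the advisory. */
enum { PAGE_ALLOC_LOCK, GRANT_TABLE_LOCK };

/* order[a][b] is set once some path has taken b while holding a. */
static bool order[MAX_LOCKS][MAX_LOCKS];

/* Locks held by one execution context (for example one vcpu). */
struct ctx { int held[MAX_LOCKS]; int depth; };

/* True if recorded orderings form a chain from 'from' to 'to'. */
static bool reaches(int from, int to, bool *seen)
{
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < MAX_LOCKS; n++)
        if (order[from][n] && !seen[n] && reaches(n, to, seen))
            return true;
    return false;
}

/* Record an acquisition; false means it reverses an earlier ordering
 * (or re-takes a held lock), i.e. a deadlock is possible. */
static bool track_acquire(struct ctx *c, int lock)
{
    bool ok = true;
    for (int i = 0; i < c->depth; i++) {
        bool seen[MAX_LOCKS] = { false };
        if (reaches(lock, c->held[i], seen))
            ok = false;
        else
            order[c->held[i]][lock] = true;
    }
    if (c->depth < MAX_LOCKS) c->held[c->depth++] = lock;
    return ok;
}

/* Replay two paths that each nest two locks; true if their orders agree. */
static bool paths_consistent(int a1, int b1, int a2, int b2)
{
    struct ctx p1 = { {0}, 0 }, p2 = { {0}, 0 };
    memset(order, 0, sizeof order);
    bool ok = track_acquire(&p1, a1);
    if (!track_acquire(&p1, b1)) ok = false;
    if (!track_acquire(&p2, a2)) ok = false;
    if (!track_acquire(&p2, b2)) ok = false;
    return ok;
}
```

Because the validator follows chains of recorded orderings, it also flags reversals that only appear across three or more locks.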
