security at xen
Jun 12, 2012, 5:03 AM
Post #1 of 1
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory 8 (CVE-2012-0218) - syscall/enter guest DoS
Xen Security Advisory CVE-2012-0218 / XSA-8
guest denial of service on syscall/sysenter exception generation
UPDATES IN VERSION 7
Public release. Previous versions were embargoed.
When guest user code running inside a Xen guest operating system
attempts to execute a syscall or sysenter instruction, and the
guest operating system has not registered a handler for that
instruction, a General Protection Fault may need to be injected into
It has been discovered that the code in Xen which does this fails to
clear a flag requesting exception injection, with the result that a
future exception taken by the guest and handled entirely inside Xen
will also be injected into the guest despite Xen having handled it
already, probably crashing the guest.
User space processes on some guest operating systems may be able to
crash the guest.
HVM guests are not vulnerable.
32- and 64-bit PV guests may be vulnerable, depending on the CPU
hardware, the guest operating system, and its exact kernel version and
This issue can be mitigated by running HVM (fully-virtualised).
In some cases this issue can be mitigated by upgrading the guest
kernel to one which installs hooks for sysenter and/or syscall, as
Applying the appropriate attached patch will resolve the issue.
These patches also resolve the (more serious) issue described in
These changes have been made to the staging Xen repositories:
xen-unstable.hg     25480:76eaf5966c05  25200:80f4113be500+25204:569d6f05e1ef
xen-4.1-testing.hg  23299:f08e61b9b33f  23300:0fec1afa4638
xen-4.0-testing.hg  21590:dd367837e089  21591:adb943a387c8
xen-3.4-testing.hg  19996:894aa06e4f79  19997:ddb7578abb89
The attached patches resolve both this issue and that reported in
xen-unstable 25204:569d6f05e1ef or later    xsa7-xsa8-unstable-recent.patch
xen-unstable 25199:6092641e3644 or earlier  xsa7-xsa8-unstable-apr16.patch
Xen 4.1, 4.1.x                              xsa7-xsa8-xen-4.1.patch
Xen 4.0, 4.0.x                              xsa7-xsa8-xen-4.0.patch
Xen 3.4, 3.4.x                              xsa7-xsa8-xen-3.4.patch
$ sha256sum xsa7-xsa8-*patch
NOTE REGARDING EMBARGO
The fix for this issue has already been published as xen-unstable.hg
changesets 25200:80f4113be500 and 25204:569d6f05e1ef. However, this
has not been flagged as a security problem, and since the affected
area of code is the same as that for XSA-7 (CVE-2012-0217), we have
concluded that this advisory should be under the same embargo as
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
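
The stale-flag failure described in the advisory, as a simplified C model added here for illustration (it is not Xen's code and not part of the advisory). The struct, field and function names are hypothetical, and the model assumes the exit path of a hypervisor-handled exception consults the same injection flag.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not a Xen identifier. */
struct vcpu_model {
    bool has_syscall_handler; /* guest kernel registered a syscall/sysenter hook */
    bool inject_pending;      /* flag: "inject an exception into the guest" */
    int  delivered;           /* exceptions the guest kernel actually received */
};

/* Guest user code executes syscall/sysenter. */
static void guest_syscall(struct vcpu_model *v, bool fixed)
{
    if (v->has_syscall_handler)
        return;                    /* handler exists: no fault is needed */
    v->inject_pending = true;      /* request a #GP for the guest */
    v->delivered++;                /* the #GP is delivered here */
    if (fixed)
        v->inject_pending = false; /* the step the vulnerable path omits */
}

/* A later exception that the hypervisor resolves entirely by itself.
 * Assumption: its exit path consults the same injection flag. */
static void hypervisor_handled_exception(struct vcpu_model *v)
{
    if (v->inject_pending) {       /* stale request left over from the syscall */
        v->delivered++;            /* guest receives a fault it never expected */
        v->inject_pending = false;
    }
}

/* Returns how many exceptions reached the guest beyond the legitimate #GP. */
int spurious_injections(bool has_handler, bool fixed)
{
    struct vcpu_model v = { .has_syscall_handler = has_handler };
    guest_syscall(&v, fixed);
    int legitimate = v.delivered;
    hypervisor_handled_exception(&v);
    return v.delivered - legitimate;
}

int main(void)
{
    printf("no handler, flag not cleared: %d spurious\n", spurious_injections(false, false));
    printf("no handler, flag cleared:     %d spurious\n", spurious_injections(false, true));
    printf("handler registered:           %d spurious\n", spurious_injections(true, false));
    return 0;
}
```

The third case mirrors the guest-kernel mitigation in the advisory: with a handler registered, the injection path is never taken, so no stale flag can be left behind.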