Bug 842515 (CVE-2013-4375) - VUL-0: CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak
Summary: VUL-0: CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak
Status: RESOLVED FIXED
Alias: CVE-2013-4375
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:54856:moderate maint:r...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-26 11:29 UTC by Alexander Bergmann
Modified: 2015-02-19 01:32 UTC
Comment 4 Marcus Meissner 2013-10-10 13:39:12 UTC
is public now

             Xen Security Advisory CVE-2013-4375 / XSA-71
                              version 2

               qemu disk backend (qdisk) resource leak

UPDATES IN VERSION 2
====================

Public release

Fix patch header corruption in xsa71-qemu-xen-unstable.patch.

ISSUE DESCRIPTION
=================

The qdisk PV disk backend in the qemu-xen flavour of qemu ("upstream
qemu") can be influenced by a malicious frontend to leak mapped grant
references.

IMPACT
======

A malicious HVM guest can cause the backend domain to run out of grant
references, leading to a DoS for any other domain which shares that
driver domain.

VULNERABLE SYSTEMS
==================

Any system which is using the qemu-xen qdisk backend for HVM guests is
vulnerable.

qemu-xen and qdisk are exposed by systems using libxl from Xen 4.2.0
onwards. In Xen 4.2.0 qemu-xen was a non-default option, from Xen
4.3.0 onwards qemu-xen is the default.

Xen 4.1.0 exposes qdisk via libxl but does not support qemu-xen and
therefore is not vulnerable.

The xend toolstack has never supported qdisk as a disk backend and
therefore such systems are not vulnerable.

Upstream qemu is vulnerable from version 1.1 onwards.

MITIGATION
==========

This vulnerability can be avoided by using a different block backend
(e.g. blkback or blktap2) or by using the qemu-xen-traditional version
of qemu.

Users of the xl toolstack, see docs/misc/xl-disk-configuration.txt for
information on forcing the use of a particular disk backend and
xl.cfg(5) for information on forcing the use of qemu-xen-traditional.

Systems which only run PV guests and/or run HVM guests without PV
drivers are not vulnerable.

CREDITS
=======

This issue was discovered by Coverity Scan and Matthew Daley.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa71-qemu-xen-unstable.patch        xen-unstable, Xen 4.3.x
xsa71-qemu-xen-4.2.patch             Xen 4.2.x


$ sha256sum xsa71*.patch
a3f667e251a32fa5eff4a78eae49acd020b2f340fb203dc08a033d43841b0a2a  xsa71-qemu-xen-4.2.patch
f5ec607babb01dc8f8065dfe121882af4c3d93c035bafbfed48825dea684d6d9  xsa71-qemu-xen-unstable.patch
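
An added example, not part of the advisory or of this bug report: a small Python check that classifies xl guest configs against the conditions listed under VULNERABLE SYSTEMS and MITIGATION above. It assumes single-line `key = value` configs using the `builder`, `device_model_version` and `backendtype=` settings documented in xl.cfg(5) and xl-disk-configuration.txt; the sample configs, paths and function names are constructed for illustration.

```python
import ast
import re

# Constructed sample guest configs (names and paths are made up for this example).
SAMPLES = {
    "exposed": 'builder = "hvm"\ndisk = ["format=qcow2, vdev=xvda, backendtype=qdisk, target=/srv/a.qcow2"]',
    "forced-phy": 'builder = "hvm"\ndisk = ["format=raw, vdev=xvda, backendtype=phy, target=/dev/vg0/b"]',
    "traditional": 'builder = "hvm"\ndevice_model_version = "qemu-xen-traditional"\n'
                   'disk = ["format=raw, vdev=hda, backendtype=qdisk, target=/srv/c.img"]',
    "auto": 'builder = "hvm"\ndisk = ["format=raw, vdev=xvda, target=/srv/d.img"]',
    "pv": 'kernel = "/boot/vmlinuz-guest"\ndisk = ["format=raw, vdev=xvda, backendtype=qdisk, target=/srv/e.img"]',
}

def parse_xl_cfg(text):
    """Parse single-line `key = value` assignments from an xl domain config."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.+?)\s*$", line)
        if m:
            try:
                cfg[m.group(1)] = ast.literal_eval(m.group(2))
            except (ValueError, SyntaxError):
                pass  # skip values this small parser does not understand
    return cfg

def disk_backend(spec):
    """Return the explicit backendtype= of one disk spec, or None if libxl picks."""
    m = re.search(r"(?:^|,)\s*backendtype\s*=\s*(\w+)", spec)
    return m.group(1) if m else None

def assess(text, default_dm="qemu-xen"):
    """Classify one guest config. default_dm is the toolstack default device model:
    "qemu-xen" from Xen 4.3.0, "qemu-xen-traditional" on Xen 4.2.x (per the advisory)."""
    cfg = parse_xl_cfg(text)
    if cfg.get("builder") != "hvm":
        return "not-affected", "PV guest"
    dm = cfg.get("device_model_version", default_dm)
    if dm != "qemu-xen":
        return "mitigated", "device model is " + dm
    backends = [disk_backend(d) for d in cfg.get("disk", [])]
    if not backends:
        return "not-affected", "no disks configured"
    if "qdisk" in backends:
        return "exposed", "qdisk backend with qemu-xen"
    if None in backends:
        return "review", "backend left to libxl; set backendtype explicitly"
    return "mitigated", "backends forced to " + ",".join(sorted(set(backends)))

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, assess(text))
```

A "review" result means the config does not pin a backend, so the running toolstack's choice has to be checked on the host. The check cannot tell whether an HVM guest actually loads PV drivers.
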
Comment 6 Marcus Meissner 2013-11-27 10:29:40 UTC
released
Comment 7 Swamp Workflow Management 2013-11-27 13:04:13 UTC
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, x86_64)
Comment 8 Swamp Workflow Management 2013-12-25 17:08:08 UTC
openSUSE-SU-2013:1953-1: An update that solves 9 vulnerabilities and has 9 fixes is now available.

Category: security (moderate)
Bug References: 828623,833251,833483,833796,834751,835896,836239,839596,839600,840196,840592,841766,842511,842512,842513,842514,842515,845520
CVE References: CVE-2013-1442,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4369,CVE-2013-4370,CVE-2013-4371,CVE-2013-4375,CVE-2013-4416
Sources used:
openSUSE 12.3 (src):    xen-4.2.3_01-1.22.4