848657 – (CVE-2013-4494) VUL-0: xen: CVE-2013-4494: XSA-73: Lock order reversal between page allocation and grant table locks

Bug 848657 (CVE-2013-4494) - VUL-0: xen: CVE-2013-4494: XSA-73: Lock order reversal between page allocation and grant table locks

Summary: VUL-0: xen: CVE-2013-4494: XSA-73: Lock order reversal between page allocatio...

Status:	RESOLVED FIXED

Alias:	CVE-2013-4494

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2013-11-26
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:54914:moderate maint:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-11-01 16:15 UTC by Victor Pereira
Modified:	2015-02-19 01:33 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2013-11-01 16:15:12 UTC

OSS:11402

The locks page_alloc_lock and grant_table.lock are not always taken in
the same order.  This opens the possibility of deadlock.

Impact:

A malicious guest administrator can deny service to the entire host.


References:
http://comments.gmane.org/gmane.comp.security.oss.general/11402

Comment 1 Swamp Workflow Management 2013-11-04 09:37:00 UTC

The SWAMPID for this issue is 54914.
This issue was rated as moderate.
Please submit fixed packages until 2013-11-18.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 2 Swamp Workflow Management 2013-11-04 23:00:08 UTC

bugbot adjusting priority

Comment 5 Swamp Workflow Management 2013-11-19 10:35:54 UTC

The SWAMPID for this issue is 55163.
This issue was rated as important.
Please submit fixed packages until 2013-11-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 6 Charles Arnold 2013-11-25 16:31:28 UTC

Xen is submitted for SLE11-SP3 SR#: 29549
(this supersedes SR#29400 from comment #3)

Additional fixes included with this SR are,

- bnc#851386 - VUL-0: xen: XSA-78: Insufficient TLB flushing in VT-d (iommu) code
- bnc#849667 - VUL-0: CVE-2013-4553: xen: XSA-74: Lock order reversal between page_alloc_lock and mm_rwlock
- bnc#849668 - VUL-0: CVE-2013-4554: xen: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests

Comment 7 Swamp Workflow Management 2013-12-12 17:49:22 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)

Comment 8 Swamp Workflow Management 2013-12-16 10:04:36 UTC

openSUSE-SU-2013:1876-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 845520,848657,849665,849667,849668,851386,851749
CVE References: CVE-2013-4416,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554
Sources used:
openSUSE 13.1 (src):    xen-4.3.1_02-4.4

Comment 9 Marcus Meissner 2013-12-19 15:43:04 UTC

done

Comment 10 Swamp Workflow Management 2013-12-19 17:48:46 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, x86_64)

Comment 11 Swamp Workflow Management 2013-12-19 21:05:35 UTC

SUSE-SU-2013:1923-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 833483,840997,842417,846849,848014,848657,849665,849667,849668,851386
CVE References: CVE-2013-1922,CVE-2013-2007,CVE-2013-4375,CVE-2013-4416,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    xen-4.2.3_08-0.7.1
SUSE Linux Enterprise Server 11 SP3 (src):    xen-4.2.3_08-0.7.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    xen-4.2.3_08-0.7.1

Comment 13 Swamp Workflow Management 2014-03-20 08:48:15 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-doc-ps, xen-kmp-bigsmp, xen-kmp-debug, xen-kmp-default, xen-kmp-kdump, xen-kmp-kdumppae, xen-kmp-pae, xen-kmp-smp, xen-kmp-trace, xen-kmp-vmi, xen-kmp-vmipae, xen-libs, xen-libs-32bit, xen-libs-x86, xen-tools, xen-tools-domU, xen-tools-ioemu
Products:
SLE-DEBUGINFO 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4-LTSS (i386, x86_64)

Comment 14 Swamp Workflow Management 2014-03-20 12:05:29 UTC

SUSE-SU-2014:0411-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 787163,813673,813677,823011,840592,842511,848657,849668,853049
CVE References: CVE-2012-4544,CVE-2013-1917,CVE-2013-1920,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-4355,CVE-2013-4368,CVE-2013-4494,CVE-2013-4554,CVE-2013-6885
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    xen-3.2.3_17040_46-0.7.1

Comment 15 Swamp Workflow Management 2014-03-25 15:04:44 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-libs, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)

Comment 16 Swamp Workflow Management 2014-03-25 18:48:57 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, x86_64)

Comment 17 Swamp Workflow Management 2014-03-25 22:10:44 UTC

SUSE-SU-2014:0446-1: An update that fixes 47 vulnerabilities is now available.

Category: security (important)
Bug References: 777628,777890,779212,786516,786517,786519,786520,787163,789944,789945,789948,789950,789951,794316,797031,797523,800275,805094,813673,813675,813677,816156,816159,816163,819416,820917,820919,823011,823608,826882,831120,839596,839618,840592,841766,842511,848657,849667,849668,853049,860163
CVE References: CVE-2006-1056,CVE-2007-0998,CVE-2012-3497,CVE-2012-4411,CVE-2012-4535,CVE-2012-4537,CVE-2012-4538,CVE-2012-4539,CVE-2012-4544,CVE-2012-5510,CVE-2012-5511,CVE-2012-5513,CVE-2012-5514,CVE-2012-5515,CVE-2012-5634,CVE-2012-6075,CVE-2012-6333,CVE-2013-0153,CVE-2013-0154,CVE-2013-1432,CVE-2013-1442,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1920,CVE-2013-1952,CVE-2013-1964,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-2211,CVE-2013-2212,CVE-2013-4329,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4494,CVE-2013-4553,CVE-2013-4554,CVE-2013-6885,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    xen-4.0.3_21548_16-0.5.1

Comment 18 Swamp Workflow Management 2014-04-01 12:04:21 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-doc-ps, xen-kmp-debug, xen-kmp-default, xen-kmp-kdump, xen-kmp-pae, xen-kmp-smp, xen-kmp-trace, xen-libs, xen-tools, xen-tools-domU, xen-tools-ioemu
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)

Comment 19 Swamp Workflow Management 2014-04-01 14:55:19 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-doc-ps, xen-kmp-bigsmp, xen-kmp-debug, xen-kmp-default, xen-kmp-kdump, xen-kmp-kdumppae, xen-kmp-pae, xen-kmp-smp, xen-kmp-trace, xen-kmp-vmi, xen-kmp-vmipae, xen-libs, xen-libs-32bit, xen-libs-x86, xen-tools, xen-tools-domU, xen-tools-ioemu
Products:
SLE-DEBUGINFO 10-SP3 (i386, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, x86_64)

Comment 20 Swamp Workflow Management 2014-04-01 18:06:25 UTC

SUSE-SU-2014:0470-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 786516,786517,787163,789950,789951,813673,813677,823011,840592,842511,848657,849668,853049
CVE References: CVE-2012-4535,CVE-2012-4537,CVE-2012-4544,CVE-2012-5513,CVE-2012-5515,CVE-2013-1917,CVE-2013-1920,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-4355,CVE-2013-4368,CVE-2013-4494,CVE-2013-4554,CVE-2013-6885
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    xen-3.2.3_17040_28-0.6.21.3

Comment 21 Swamp Workflow Management 2014-04-04 14:08:09 UTC

openSUSE-SU-2014:0483-1: An update that solves 16 vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 831120,833251,833483,840997,842417,846849,848014,848657,849665,849667,849668,853048,853049,858311,858496,860163,860165,860300,860302,861256,863297
CVE References: CVE-2013-2212,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554,CVE-2013-6400,CVE-2013-6885,CVE-2014-1642,CVE-2014-1666,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894,CVE-2014-1895,CVE-2014-1896,CVE-2014-1950
Sources used:
openSUSE 12.3 (src):    xen-4.2.4_02-1.26.2