Bugzilla – Bug 849667
VUL-0: CVE-2013-4553: xen: XSA-74: Lock order reversal between page_alloc_lock and mm_rwlock
Last modified: 2015-02-19 01:34:07 UTC
Created attachment 566737: xsa74-4.1-4.2.patch
Created attachment 566738: xsa74-4.3-unstable.patch
bugbot adjusting priority

Xen Security Advisory CVE-2013-4553 / XSA-74
version 3

Lock order reversal between page_alloc_lock and mm_rwlock

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The locks page_alloc_lock and mm_rwlock are not always taken in the same order. This raises the possibility of deadlock.

The incorrect order occurs only in the implementation of the deprecated domctl hypercall XEN_DOMCTL_getmemlist.

IMPACT
======

A malicious guest administrator may be able to deny service to the entire host.

VULNERABLE SYSTEMS
==================

Xen 3.4.x and later are vulnerable. Xen 3.3.x and earlier are not vulnerable.

Only systems where a privileged domain frequently or predictably uses XEN_DOMCTL_getmemlist are vulnerable. (Its use by manually invoked debugging and stress testing tools is not a security problem.)

We are not aware of any toolstack software which has relevant (and hence vulnerable) uses of this hypercall. xend, libxl, xapi and libvirt are known not to do so.

We are therefore not aware of any deployed Xen-based systems which are vulnerable. We are issuing this advisory primarily for the benefit of any Xen-derived systems using unusual toolstack software.

MITIGATION
==========

If you are using a toolstack (or other software) which uses XEN_DOMCTL_getmemlist, disabling the relevant feature or functions may be possible, and would avoid the vulnerability.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew Cooper.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa74-4.3-unstable.patch    Xen 4.3.x, xen-unstable
xsa74-4.1-4.2.patch         Xen 4.1.x, Xen 4.2.x

$ sha256sum xsa74*.patch
0f7d0bbfbd7f3f1b6f6005321fa45081524dad438587f691e6892cc393327f89  xsa74-4.1-4.2.patch
b505cdba662b1b1cd91d5611fac998c6b4e89e366780c6b9864b6965075afb38  xsa74-4.3-unstable.patch
$

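
Added example, not part of the advisory and not Xen code: a minimal lock-order checker of the kind that flags the class of defect described above, where two paths nest the same pair of locks in opposite orders. The lock names are used only as labels; the two code paths, `track_acquire`, `run_path` and `checker_reset` are hypothetical, and no real locks are taken, so the demonstration cannot hang.

```c
/* Added illustration, not Xen code: a minimal lock-order checker. */
#include <stdio.h>
#include <string.h>

/* Lock names are labels taken from the advisory; no real locking is done. */
enum lock_id { PAGE_ALLOC_LOCK, MM_RWLOCK, NR_LOCKS };
static const char *lock_name[NR_LOCKS] = { "page_alloc_lock", "mm_rwlock" };

/* order_seen[a][b] != 0: some path acquired b while already holding a. */
static int order_seen[NR_LOCKS][NR_LOCKS];

struct ctx { enum lock_id held[NR_LOCKS]; int depth; };  /* locks held by one path */

void checker_reset(void) { memset(order_seen, 0, sizeof(order_seen)); }

/* Record an acquisition; return how many order reversals it exposes. */
int track_acquire(struct ctx *c, enum lock_id l)
{
    int reversals = 0;
    for (int i = 0; i < c->depth; i++) {
        enum lock_id h = c->held[i];
        if (h == l)
            continue;                    /* re-acquisition is out of scope here */
        if (order_seen[l][h]) {          /* an earlier path nested h inside l */
            fprintf(stderr, "lock order reversal: %s then %s, earlier %s then %s\n",
                    lock_name[h], lock_name[l], lock_name[l], lock_name[h]);
            reversals++;
        }
        order_seen[h][l] = 1;            /* remember: l was taken while holding h */
    }
    if (c->depth < NR_LOCKS)
        c->held[c->depth++] = l;
    return reversals;
}

/* Hypothetical code path that takes `outer`, then `inner`, then drops both. */
int run_path(enum lock_id outer, enum lock_id inner)
{
    struct ctx c = { .depth = 0 };
    int r = track_acquire(&c, outer);
    r += track_acquire(&c, inner);
    c.depth = 0;                         /* both locks released */
    return r;
}

int main(void)
{
    checker_reset();
    int a = run_path(PAGE_ALLOC_LOCK, MM_RWLOCK);   /* establishes one order */
    int b = run_path(MM_RWLOCK, PAGE_ALLOC_LOCK);   /* opposite order: flagged */
    printf("first path: %d reversal(s), second path: %d reversal(s)\n", a, b);
    return 0;
}
```

The checker reports the reversal on the first run of the second path, without the two paths ever having to race; which order is the "correct" one is a project decision the checker does not make.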
openSUSE-SU-2013:1876-1: An update that solves 5 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 845520,848657,849665,849667,849668,851386,851749
CVE References: CVE-2013-4416,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554
Sources used:
openSUSE 13.1 (src): xen-4.3.1_02-4.4

done
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, x86_64)

SUSE-SU-2013:1923-1: An update that solves 8 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 833483,840997,842417,846849,848014,848657,849665,849667,849668,851386
CVE References: CVE-2013-1922,CVE-2013-2007,CVE-2013-4375,CVE-2013-4416,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): xen-4.2.3_08-0.7.1
SUSE Linux Enterprise Server 11 SP3 (src): xen-4.2.3_08-0.7.1
SUSE Linux Enterprise Desktop 11 SP3 (src): xen-4.2.3_08-0.7.1

fix not yet in sles11 sp2
Xen package submitted for this bug with the following requests:
SUSE:SLE-11-SP2:Update:Test: SR#33409
SUSE:SLE-11-SP1:Update:Teradata:Test: SR#33410
openSUSE:12.3:Update: MR#223847

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-libs-x86, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2-LTSS (i386, x86_64)

SUSE-SU-2014:0372-1: An update that solves 10 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 831120,833483,842417,846849,848014,849667,849668,853049,860163,860302,861256
CVE References: CVE-2013-2212,CVE-2013-4553,CVE-2013-4554,CVE-2013-6885,CVE-2014-1666,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894,CVE-2014-1950
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): xen-4.1.6_06-0.5.1

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-libs, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, x86_64)

SUSE-SU-2014:0446-1: An update that fixes 47 vulnerabilities is now available.
Category: security (important)
Bug References: 777628,777890,779212,786516,786517,786519,786520,787163,789944,789945,789948,789950,789951,794316,797031,797523,800275,805094,813673,813675,813677,816156,816159,816163,819416,820917,820919,823011,823608,826882,831120,839596,839618,840592,841766,842511,848657,849667,849668,853049,860163
CVE References: CVE-2006-1056,CVE-2007-0998,CVE-2012-3497,CVE-2012-4411,CVE-2012-4535,CVE-2012-4537,CVE-2012-4538,CVE-2012-4539,CVE-2012-4544,CVE-2012-5510,CVE-2012-5511,CVE-2012-5513,CVE-2012-5514,CVE-2012-5515,CVE-2012-5634,CVE-2012-6075,CVE-2012-6333,CVE-2013-0153,CVE-2013-0154,CVE-2013-1432,CVE-2013-1442,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1920,CVE-2013-1952,CVE-2013-1964,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-2211,CVE-2013-2212,CVE-2013-4329,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4494,CVE-2013-4553,CVE-2013-4554,CVE-2013-6885,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src): xen-4.0.3_21548_16-0.5.1

Fixed and released. Closing bug.
openSUSE-SU-2014:0483-1: An update that solves 16 vulnerabilities and has 5 fixes is now available.
Category: security (moderate)
Bug References: 831120,833251,833483,840997,842417,846849,848014,848657,849665,849667,849668,853048,853049,858311,858496,860163,860165,860300,860302,861256,863297
CVE References: CVE-2013-2212,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554,CVE-2013-6400,CVE-2013-6885,CVE-2014-1642,CVE-2014-1666,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894,CVE-2014-1895,CVE-2014-1896,CVE-2014-1950
Sources used:
openSUSE 12.3 (src): xen-4.2.4_02-1.26.2