Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2012-3433 kernel: xen: HVM guest destroy p2m teardown host DoS vulnerability|
|Product:||[Other] Security Response||Reporter:||Petr Matousek <pmatouse>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED NOTABUG||QA Contact:|
|Version:||unspecified||CC:||agordeev, anton, dhoward, drjones, imammedo, lersek, lwang, pbonzini, plougher, security-response-team, sforsber, tburke, xen-maint|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2012-07-27 04:29:14 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Petr Matousek 2012-07-26 13:01:28 EDT
Description of the problem: An HVM guest is able to manipulate its physical address space such that tearing down the guest takes an extended period amount of time searching for shared pages. This causes the domain 0 VCPU which tears down the domain to be blocked in the destroy hypercall. This causes that domain 0 VCPU to become unavailable and may cause the domain 0 kernel to panic. There is no requirement for memory sharing to be in use. A privileged user in HVM guest can cause the host to become unresponsive for a period of time, potentially leading to a DoS. PV guests are not affected. This vulnerability affects only Xen 4.0 and 4.1. Xen 3.4 and earlier and xen-unstable are not vulnerable. Acknowledgements: Red Hat would like to thank the Xen for reporting this issue.
Comment 2 Paolo Bonzini 2012-07-27 04:15:20 EDT
Petr, this doesn't seem to affect RHEL. None of the patched code is part of RHEL (we never really backported anything in this area after 5.3/5.4, and those corresponded roughly to Xen 3.2 -> 3.4).
Comment 3 Petr Matousek 2012-07-27 05:28:02 EDT
(In reply to comment #2) > Petr, this doesn't seem to affect RHEL. None of the patched code is part of > RHEL (we never really backported anything in this area after 5.3/5.4, and > those corresponded roughly to Xen 3.2 -> 3.4). You are right, thank you for having a look.
Comment 4 Petr Matousek 2012-07-27 05:36:47 EDT
Statement: Not vulnerable. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG are not affected. The versions of the kernel-xen packages as shipped with Red Hat Enterprise Linux 5 are not affected because we did not provide support for memory sharing functionality.