|
Red Hat Bugzilla – Full Text Bug Listing |
| Summary: | CVE-2012-3494 kernel: xen: hypercall set_debugreg vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | drjones, lersek, pbonzini, security-response-team, tburke |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=moderate,public=20120905,reported=20120823,source=upstream,cvss2=5.5/AV:A/AC:L/Au:S/C:N/I:N/A:C,rhel-5/kernel-xen=notaffected,fedora-all/xen=affected | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | ||
| Bug Depends On: | 854585 | ||
| Bug Blocks: | 851204 | ||
Statement: Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor. Now public via: http://seclists.org/oss-sec/2012/q3/376 Created xen tracking bugs for this issue Affects: fedora-all [bug 854585] xen-4.1.3-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. |
set_debugreg allows writes to reserved bits of the DR7 debug control register on x86-64. A malicious guest can cause the host to crash, leading to a DoS. If the vulnerable hypervisor is run on future hardware, the impact of the vulnerability might be widened depending on the future assignment of the currently-reserved debug register bits. All systems running 64-bit paravirtualised guests are vulnerable to this issue. Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.