This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 843582 - (CVE-2012-3433) CVE-2012-3433 kernel: xen: HVM guest destroy p2m teardown host DoS vulnerability
CVE-2012-3433 kernel: xen: HVM guest destroy p2m teardown host DoS vulnerability
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20120809,repo...
: Security
Depends On:
Blocks: 843584
  Show dependency treegraph
 
Reported: 2012-07-26 13:01 EDT by Petr Matousek
Modified: 2015-02-16 10:43 EST (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-27 04:29:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Petr Matousek 2012-07-26 13:01:28 EDT
Description of the problem:

An HVM guest is able to manipulate its physical address space such
that tearing down the guest takes an extended period amount of
time searching for shared pages.

This causes the domain 0 VCPU which tears down the domain to be
blocked in the destroy hypercall. This causes that domain 0 VCPU to
become unavailable and may cause the domain 0 kernel to panic.

There is no requirement for memory sharing to be in use.

A privileged user in HVM guest can cause the host to become
unresponsive for a period of time, potentially leading to a DoS. PV
guests are not affected.

This vulnerability affects only Xen 4.0 and 4.1. Xen 3.4 and earlier
and xen-unstable are not vulnerable.

Acknowledgements:

Red Hat would like to thank the Xen for reporting this issue.
Comment 2 Paolo Bonzini 2012-07-27 04:15:20 EDT
Petr, this doesn't seem to affect RHEL.  None of the patched code is part of RHEL (we never really backported anything in this area after 5.3/5.4, and those corresponded roughly to Xen 3.2 -> 3.4).
Comment 3 Petr Matousek 2012-07-27 05:28:02 EDT
(In reply to comment #2)
> Petr, this doesn't seem to affect RHEL.  None of the patched code is part of
> RHEL (we never really backported anything in this area after 5.3/5.4, and
> those corresponded roughly to Xen 3.2 -> 3.4).

You are right, thank you for having a look.
Comment 4 Petr Matousek 2012-07-27 05:36:47 EDT
Statement:

Not vulnerable.

The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6,
and Red Hat Enterprise MRG are not affected. 

The versions of the kernel-xen packages as shipped with Red Hat Enterprise Linux 5 are not affected because we did not provide support for memory sharing functionality.

Note You need to log in before you can comment on or make changes to this bug.