Xen Security Advisory 58 (CVE-2013-1432) - Page reference counting error due to XSA-45/CVE-2013-1918 fixes
The XSA-45/CVE-2013-1918 patch making error handling paths preemptible
page reference counting by not retaining a reference on pages stored for
deferred cleanup. This would lead to the hypervisor prematurely attempting to
free the page, generally crashing upon finding the page still in use.
Thanks to Andrew Cooper and the Citrix XenServer team for discovering
and reporting this vulnerability, and helping investigate it.
Malicious or buggy PV guest kernels can mount a denial of service
affecting the whole system. It can’t be excluded that this could also be
exploited to mount a privilege escalation attack.
All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable.
The vulnerability is only exposed by PV guests.
Running only HVM guests, or PV guests with trusted kernels, will avoid
Applying the appropriate attached patch resolves this issue.
xsa58-4.1.patch Xen 4.1.x
xsa58-4.2.patch Xen 4.2.x
$ sha256sum xsa58*.patch
(from redmine: issue id 2123, created on 2013-06-26, closed on 2013-07-03)
- child #2124 (closed)
- child #2125 (closed)
- child #2126 (closed)
- child #2127 (closed)
- Revision 448e4822 by Natanael Copa on 2013-07-01T16:38:45Z:
main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432) ref #2123
- Revision ccdb8c3a by Natanael Copa on 2013-07-01T16:44:49Z:
main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432) ref #2123 fixes #2124 (cherry picked from commit 448e4822bbf8a2b4aa8b8f8d8153a2a0b4e0efda) Conflicts: main/xen/APKBUILD
- Revision 02b9902f by Natanael Copa on 2013-07-01T16:49:55Z:
main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432) ref #2123 fixes #2125 (cherry picked from commit 448e4822bbf8a2b4aa8b8f8d8153a2a0b4e0efda) Conflicts: main/xen/APKBUILD
- Revision f87a9718 by Natanael Copa on 2013-07-01T17:02:29Z:
main/xen: main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432) ref #2123 fixes #2126
- Revision 14e8058d by Natanael Copa on 2013-07-02T11:54:33Z:
main/xen: main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432) ref #2123 fixes #2127