[v2.3] Xen Security Advisory 58 (CVE-2013-1432) - Page reference counting error due to XSA-45/CVE-2013-1918 fixes
The XSA-45/CVE-2013-1918 patch making error handling paths preemptible
page reference counting by not retaining a reference on pages stored for
deferred cleanup. This would lead to the hypervisor prematurely attempting to
free the page, generally crashing upon finding the page still in use.
Thanks to Andrew Cooper and the Citrix XenServer team for discovering
and reporting this vulnerability, and helping investigate it.
Malicious or buggy PV guest kernels can mount a denial of service
affecting the whole system. It can’t be excluded that this could also be
exploited to mount a privilege escalation attack.
All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable.
The vulnerability is only exposed by PV guests.
Running only HVM guests, or PV guests with trusted kernels, will avoid
Applying the appropriate attached patch resolves this issue.
xsa58-4.1.patch Xen 4.1.x
xsa58-4.2.patch Xen 4.2.x
$ sha256sum xsa58*.patch
(from redmine: issue id 2127, created on 2013-06-26, closed on 2013-07-03)
- parent #2123 (closed)
- Revision 14e8058d by Natanael Copa on 2013-07-02T11:54:33Z:
main/xen: main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432) ref #2123 fixes #2127