The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Xen: infinite loop via GNTTABOP_get_status_frames

Synthesis of the vulnerability 

A local attacker who is an administrator in a PV guest system can use the GNTTABOP_get_status_frames hypercall to lock Xen.
Vulnerable systems: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity of this threat: 1/4.
Creation date: 13/11/2012.
References for this weakness: BID-56498, CERTA-2012-AVI-650, CERTA-2012-AVI-651, CTX135458, CVE-2012-4539, DSA-2582-1, FEDORA-2012-18242, FEDORA-2012-18249, openSUSE-SU-2012:1572-1, openSUSE-SU-2012:1573-1, SUSE-SU-2012:1486-1, SUSE-SU-2012:1487-1, SUSE-SU-2012:1503-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-12140, XSA-24.

Description of the vulnerability 

The Xen hypervisor can be installed on a 64-bit processor and can host paravirtualized (PV) 32-bit guest systems.

However, in this configuration, the GNTTABOP_get_status_frames hypercall uses the same loop control variable twice. An attacker can therefore pass a malicious hypercall parameter to trigger an infinite loop.

A local attacker who is an administrator in a PV guest system can therefore use the GNTTABOP_get_status_frames hypercall to lock Xen.
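
The bug class described above, as an added example that is not Xen source code and not part of the original bulletin: a simplified model in which an outer loop and an inner loop share one counter, next to the corrected form with separate counters. The function names, the `count` and `nr_frames` parameters and the step budget that stops the demonstration are assumptions made for illustration.

```c
#include <stdio.h>

#define STEP_BUDGET 10000u /* constructed watchdog so the demo always returns */

/* Buggy model: the outer loop (one pass per requested operation) and the
 * inner loop (one pass per frame) share the counter i.
 * Returns the operations handled, or -1 once the step budget is exhausted. */
static int handle_shared_counter(unsigned int count, unsigned int nr_frames)
{
    unsigned int i, steps = 0;
    int handled = 0;

    for (i = 0; i < count; i++) {
        for (i = 0; i < nr_frames; i++)   /* clobbers the outer counter */
            if (++steps > STEP_BUDGET)
                return -1;
        handled++;
        if (++steps > STEP_BUDGET)
            return -1;
    }
    return handled;
}

/* Corrected model: each loop owns its counter, so the outer loop always
 * advances and ends after count passes (the budget only bounds the demo). */
static int handle_separate_counters(unsigned int count, unsigned int nr_frames)
{
    unsigned int i, j, steps = 0;
    int handled = 0;

    for (i = 0; i < count; i++) {
        for (j = 0; j < nr_frames; j++)
            if (++steps > STEP_BUDGET)
                return -1;
        handled++;
    }
    return handled;
}

int main(void)
{
    /* Constructed inputs: 3 operations, each describing 1 frame. */
    printf("shared counter:    %d\n", handle_shared_counter(3, 1));
    printf("separate counters: %d\n", handle_separate_counters(3, 1));
    /* A large inner bound ends the buggy loop early instead: work is skipped. */
    printf("shared, 5 frames:  %d\n", handle_shared_counter(3, 5));
    return 0;
}
```

In the model, whenever the inner bound plus one stays below the outer bound, the shared counter is reset on every pass and the outer loop never terminates; in a hypervisor without preemption in that path, this is the lock-up the bulletin describes.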

This cybersecurity weakness impacts software or systems such as XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this security vulnerability is low.

The trust level is "confirmed by the editor", and the origin is "user shell".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Xen: version 4.2.1.
Version 4.2.1 is fixed:
  http://xen.org/download/index_4.2.1.html
Note: according to the announcement, this version addresses all vulnerabilities announced on December 03, 2012, except VIGILANCE-VUL-12202.

Xen: version 4.1.4.
Version 4.1.4 is fixed:
  http://xen.org/download/index_4.1.4.html
Note: according to the announcement, this version addresses all vulnerabilities announced on December 03, 2012, except VIGILANCE-VUL-12206.

Xen: patch for GNTTABOP_get_status_frames.
A patch is available in the information sources.

Citrix XenServer: hotfixes.
Hotfixes are available:
Citrix XenServer 6.1:
  http://support.citrix.com/article/ctx135469
Citrix XenServer 6.0.2:
  http://support.citrix.com/article/ctx135467
Citrix XenServer 6.0.2 CC:
  http://support.citrix.com/article/ctx135468
Citrix XenServer 6.0.0:
  http://support.citrix.com/article/ctx135466
Citrix XenServer 5.6 Service Pack 2:
  http://support.citrix.com/article/ctx135465
Citrix XenServer 5.6 Feature Pack 1:
  http://support.citrix.com/article/ctx135464
Citrix XenServer 5.6:
  http://support.citrix.com/article/ctx135462
Citrix XenServer 5.6 CC:
  http://support.citrix.com/article/ctx135463
Citrix XenServer 5.5 Update 2:
  http://support.citrix.com/article/ctx135461
Citrix XenServer 5.0 Update 3:
  http://support.citrix.com/article/ctx135460

Debian: new xen packages.
New packages are available:
  xen_4.0.1-5.5

Fedora: new xen packages.
New packages are available:
  xen-4.1.3-4.fc16
  xen-4.1.3-6.fc17

openSUSE 12: new xen packages.
New packages are available:
  openSUSE 12.1: xen-4.1.3_04-1.21.1
  openSUSE 12.2: xen-4.1.3_04-5.13.1

SUSE LE 10: new xen packages (16/11/2012).
New packages are available:
  xen-3.2.3_17040_42-0.7.2

SUSE LE 11: new libvirt packages.
New packages are available:
  libvirt-0.9.6-0.23.1

SUSE LE 11: new xen packages.
New packages are available:
  xen-4.1.3_04-0.5.1

SUSE LE 11 SP1: new xen packages.
New packages are available:
  SUSE LE 11: xen 4.0.3_21548_16-0.5.1