OracleVM 3.0 : xen (OVMSA-2012-0050)
Medium Nessus Plugin ID 79488
SynopsisThe remote OracleVM host is missing one or more security updates.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
- compat/gnttab: Prevent infinite loop in compat code c/s 20281:95ea2052b41b, which introduces Grant Table version 2 hypercalls introduces a vulnerability whereby the compat hypercall handler can fall into an infinite loop.
If the watchdog is enabled, Xen will die after the timeout. This is a security problem, XSA-24 / CVE-2012-4539. (CVE-2012-4539)
- xen/mm/shadow: check toplevel pagetables are present before unhooking them. If the guest has not fully populated its top-level PAE entries when it calls HVMOP_pagetable_dying, the shadow code could try to unhook entries from MFN 0. Add a check to avoid that case. This issue was introduced by c/s 21239:b9d2db109cf5. This is a security problem, XSA-23 / CVE-2012-4538. (CVE-2012-4538)
- x86/physmap: Prevent incorrect updates of m2p mappings In certain conditions, such as low memory, set_p2m_entry can fail. Currently, the p2m and m2p tables will get out of sync because we still update the m2p table after the p2m update has failed. If that happens, subsequent guest-invoked memory operations can cause BUGs and ASSERTs to kill Xen. This is fixed by only updating the m2p table iff the p2m was successfully updated. This is a security problem, XSA-22 / CVE-2012-4537.
- VCPU/timers: Prevent overflow in calculations, leading to DoS vulnerability The timer action for a vcpu periodic timer is to calculate the next expiry time, and to reinsert itself into the timer queue. If the deadline ends up in the past, Xen never leaves __do_softirq. The affected PCPU will stay in an infinite loop until Xen is killed by the watchdog (if enabled). This is a security problem, XSA-20 / CVE-2012-4535. (CVE-2012-4535)
- always release vm running lock on VM shutdown Before this patch, when xend restarted, the VM running lock will not be released on shutdown, so the VM could never start again. Talked with Junjie, we recommend always releasing the lock on VM shutdown. So even when xend restarted, there should be no stale lock leaving there.
- Xen Security Advisory CVE-2012-4411 / XSA-19 version 2 guest administrator can access qemu monitor console Disable qemu monitor by default. The qemu monitor is an overly powerful feature which must be protected from untrusted (guest) administrators. (CVE-2012-4411)
SolutionUpdate the affected xen / xen-devel / xen-tools packages.