=====================================================================

                           CERT-Renater

               Note d'Information No. 2013/VULN129
_____________________________________________________________________

DATE                : 08/04/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Xen versions since 3.2.

======================================================================
http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html
______________________________________________________________________


             Xen Security Advisory CVE-2013-1920 / XSA-47

        Potential use of freed memory in event channel operations

ISSUE DESCRIPTION
=================

Wrong ordering of operations upon extending the per-domain event
channel tracking table can cause a pointer to freed memory to be left
in place, when the hypervisor is under memory pressure and XSM (Xen
Security Module) is enabled.

IMPACT
======

Malicious guest kernels could inject arbitrary events or corrupt other
hypervisor state, possibly leading to code execution.

VULNERABLE SYSTEMS
==================

All Xen versions from 3.2 onwards are vulnerable when making use of
XSM.  Configurations without XSM or with a dummy module are not
affected.

MITIGATION
==========

Running without XSM (which is the default) will avoid this
vulnerability, albeit doing so will likely lower overall security of
systems that would otherwise have XSM enabled.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa47-4.1.patch             Xen 4.1.x
xsa47-4.2-unstable.patch    Xen 4.2.x and xen-unstable

$ sha256sum xsa47*.patch
e49a03e0693de07ec1418eb16191854458e72088febd6948ea5bc1f900a1853a
xsa47-4.1.patch
c29b59492f9d7e3f74bfc41877a2c5cff70436d3738fd91066f396f969aab0a7
xsa47-4.2-unstable.patch
$


======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================