Security Announcements (Historical)

From Xen

Security advisories are made available in accordance with the Xen security problem response process.

Essential Information
List of vulnerabilities

‎An automatically generated list of security advisories is available at xenbits.xen.org/xsa.

Disclosing Vulnerabilities

Please contact security@xenproject.org if you wish to disclose a security vulnerability.

Timely Notifications

In order to get timely notification of security vulnerabilities you should subscribe to the (low volume) xen-announce mailing list or.


If you are eligible, request access to the pre-disclosure list (see the Xen security problem response process for more information).

Security Updates to Xen

See Xen Maintenance Releases for information relating to stable branch maintenance.

Historical Advisories up to XSA-25

The list below contains only historical information on advisories up to XSA-25.

XSA-1 Host crash due to failure to correctly validate PV kernel execution state.

Date
14 March 2011
References
CVE-2011-1166
Advisory
Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
nb: predates vulnerability handling process and therefore no formal announcement
Fixes
xen-unstable.hg: 23034:c79aae866ad8
xen-4.1-testing.hg: 22993:842aed720b84
xen-4.0-testing.hg: 21461:ee088a0b5cb8

XSA-2 PV kernel validation vulnerabilities

Date
9 May 2011
References
CVE-2011-1583
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Fixes
xen-unstable.hg: 23322:d9982136d8fa
xen-4.1-testing.hg: 23042:e2e575f8b5d9
xen-4.0-testing.hg: 21482:c2adc059e931

XSA-3 VT-d (PCI passthrough) MSI

Date
12 May 2011
References
CVE-2011-1898
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Fixes
xen-unstable.hg: 23337:cc91832a02c7
xen-4.1-testing.hg: 23046:ed630a821de1
xen-4.0-testing.hg: 21485:b85a9e58ec3a

XSA-4 Xen 3.3 vaddr validation

Date
2 September 2011
References
CVE-2011-2901
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Fixes
xen-unstable.hg: 23800:72edc40e2942
nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.

XSA-5 IOMMU Fault Live lock

Date
12 August 2011
References
CVE-2011-3131
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Fixes
xen-unstable.hg: 23762:537ed3b74b3f
xen-4.1-testing.hg: 23112:84e3706df07a
xen-4.0-testing.hg: 21535:789ff1a462b8

XSA-6 HVM e1000, buffer overflow

Date
2 February 2012
References
CVE-2012-0029
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
Fixes
qemu-xen-unstable.git: ebe37b2a3f844bad02dcc30d081f39eda06118f8
qemu-xen-4.1-testing.git: 3cf61880403b4e484539596a95937cc066243388
qemu-xen-4.0-testing.git: 36984c285a765541b04f378bfa84d2c850c167d3

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 24673:fcc071c31e3a
xen-4.1-testing.hg: 23224:cccd6c68e1b9
xen-4.0-testing.hg: 21563:3feb83eed6bd

XSA-7 64-bit PV guest privilege escalation vulnerability

Date
12 June 2012 (public disclosure)
References
CVE-2012-0217
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
Fixes
xen-unstable.hg: 25480:76eaf5966c05
xen-4.1-testing.hg: 23299:f08e61b9b33f
xen-4.0-testing.hg: 21590:dd367837e089

XSA-8 guest denial of service on syscall/sysenter exception generation

Date
12 June 2012 (public disclosure)
References
CVE-2012-0218
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
Fixes
xen-unstable.hg: 25200:80f4113be500 & 25204:569d6f05e1ef
xen-4.1-testing.hg: 23300:0fec1afa4638
xen-4.0-testing.hg: 21591:adb943a387c8

XSA-9 PV guest host Denial of Service (AMD erratum #121)

Date
12 June 2012 (public disclosure)
References
CVE-2012-2934
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
Fixes
xen-unstable.hg: 25481:bc2f3a848f9a
xen-4.1-testing.hg: 23301:a9c0a89c08f2
xen-4.0-testing.hg: 21592:e35c8bb53255

XSA-10 HVM guest user mode MMIO emulation DoS vulnerability

Date
26 July 2012 (public disclosure)
References
CVE-2012-3432
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
Fixes
xen-unstable.hg: 25682:ffcb24876b4f
xen-4.1-testing.hg: 23325:a43f5b4b0331
xen-4.0-testing.hg: 21604:82fcf3a5dc3a

XSA-11 HVM guest destroy p2m teardown host DoS vulnerability

Date
8 August 2012 (public disclosure)
References
CVE-2012-3433
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23332:859205b36fe9
xen-4.0-testing.hg: 21608:a51c86b407d7

XSA-12 hypercall set_debugreg vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3494
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Fixes
xen-unstable.hg: 25814:4f1c69648201
xen-4.1-testing.hg: 23349:bcc340292731
xen-4.0-testing.hg: 21613:92334c7f577e

XSA-13 hypercall physdev_get_free_pirq vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3495
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23350:6779ddca8593

XSA-14 XENMEM_populate_physmap DoS vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3496
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Fixes
xen-unstable.hg: 25815:bcf58ef63b7c
xen-4.1-testing.hg: 23351:8ebda5388e4e
xen-4.0-testing.hg: 21614:96b08706a0ed

XSA-15 multiple TMEM hypercall vulnerabilities

Date
5 September 2012 (public disclosure)
References
CVE-2012-3497
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Fixes
None at this time. See advisory for details.

XSA-16 PHYSDEVOP_map_pirq index vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3498
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Fixes
xen-unstable.hg: 25816:2750340a347d
xen-4.1-testing.hg: 23352:936f63ee4dad

XSA-17 Qemu VT100 emulation vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3515
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Fixes
qemu-upstream-unstable.git: 87650d262dea07c955a683dcac75db86477c7ee3 (qemu-xen tree)
qemu-xen-unstable.git: a56ae4b5069c7b23ee657b15f08443a9b14a8e7b (qemu-xen-traditional tree)
qemu-xen-4.1-testing.git: 3220480734832a148d26f7a81f90af61c2ecfdd9 (qemu-xen-traditional tree)
qemu-xen-4.0-testing.git: 091149d364e893e643a5da3175c3f84d2163cb3e (qemu-xen-traditional tree)

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:

xen-unstable.hg: 25818:50adc933faaf
xen-4.1-testing.hg: 23353:3e4782f17f5c
xen-4.0-testing.hg: 21615:79444af3258c

XSA-18 grant table entry swaps have inadequate bounds checking

Date
5 September 2012 (public disclosure)
References
CVE-2012-3516
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Fixes
xen-unstable.hg: 25817:93e5a791d076


XSA-19 guest administrator can access qemu monitor console

Date
6 September 2012 (public disclosure)
References
CVE-2012-4411
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
Fixes
qemu-upstream-unstable.git: Not vulnerable
qemu-xen-unstable.git: bacc0d302445c75f18f4c826750fb5853b60e7ca
qemu-xen-4.1-testing.git: d7d453f51459b591faa96d1c123b5bfff7c5b6b6
qemu-xen-4.0-testing.git: eaa1bd612f50d2f253738ed19e14981e4ede98a5

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 25822:ec23c2a11f6f
xen-4.1-testing.hg: 23354:9be1175d2ac3
xen-4.0-testing.hg: 21616:512168f88df9 & 21617:1d1538beeada


XSA 20 Timer overflow DoS vulnerability

Date
13 November 2012
References
CVE-2012-4535
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
Fixes
xen-unstable.hg: 26148:bf58b94b3cef
xen-4.2-testing.hg: 25919:788af5959f69
xen-4.1-testing.hg: 23406:701f5e3321c1
xen-4.0-testing.hg: 21618:6b9809dc1e86

XSA 21 pirq range check DoS vulnerability

Date
13 November 2012
References
CVE-2012-4536
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.2-testing.hg: Not vulnerable
xen-4.1-testing.hg: 23407:210f16b6509b

XSA 22 Memory mapping failure DoS vulnerability

Date
13 November 2012
References
CVE-2012-4537
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
Fixes
xen-unstable.hg: 26149:6b6a4007a609
xen-4.2-testing.hg: 25920:4cffe28427e0
xen-4.1-testing.hg: 23408:f635b1447d7e
xen-4.0-testing.hg: 21619:04462a8c7966
xen-3.4-testing.hg: 20028:b42c35f6369a

XSA 23 Unhooking empty PAE entries DoS vulnerability

Date
13 November 2012
References
CVE-2012-4538
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
Fixes
xen-unstable.hg: 26150:c7a01b6450e4
xen-4.2-testing.hg: 25921:159080b58dda
xen-4.1-testing.hg: 23409:61eb3d030f52
xen-4.0-testing.hg: 21620:c52d74b254dc

XSA 24 Grant table hypercall infinite loop DoS vulnerability

Date
13 November 2012
References
CVE-2012-4539
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
Fixes
xen-unstable.hg: 26151:b64a7d868f06
xen-4.2-testing.hg: 25922:8ca6372315f8
xen-4.1-testing.hg: 23410:178f63286b02
xen-4.0-testing.hg: 21621:68d7b9cc8259

XSA 25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk

Date
13 November 2012
References
CVE-2012-4544,CVE-2012-2625
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00006.html
Fixes
xen-unstable.hg: 25589:60f09d1ab1fe 26115:37a8946eeb9d
xen-4.2-testing.hg: 25589:60f09d1ab1fe 25883:537776f51f79
xen-4.1-testing.hg: 23385:69d1cc78a5bd