Xen官网安全更新（2023-10-10）

Possible deadlock in Linux kernel event handling

<br/><br/><br/>XSA-441 - Xen Security Advisories<br/><br/><br/><br/>InformationAdvisory XSA-441Public release 2023-10-10 11:26Updated 2023-10-10 11:26Version 4CVE(s) CVE-2023-34324Title Possible deadlock in Linux kernel event handlingFilesadvisory-441.txt (signed advisory file)xsa441-linux.patchAdvisory-----BEGIN PGP SIGNED MESSAGE-----<br/>Hash: SHA256<br/><br/> Xen Security Advisory CVE-2023-34324 / XSA-441<br/> version 4<br/><br/> Possible deadlock in Linux kernel event handling<br/><br/>UPDATES IN VERSION 4<br/>====================<br/><br/>Public release.<br/><br/>Modified advisory again to state that Arm32 guests are NOT affected.<br/><br/>ISSUE DESCRIPTION<br/>=================<br/><br/>Closing of an event channel in the Linux kernel can result in a deadlock.<br/>This happens when the close is being performed in parallel to an unrelated<br/>Xen console action and the handling of a Xen console interrupt in an<br/>unprivileged guest.<br/><br/>The closing of an event channel is e.g. triggered by removal of a<br/>paravirtual device on the other side. As this action will cause console<br/>messages to be issued on the other side quite often, the chance of<br/>triggering the deadlock is not neglectable.<br/><br/>Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel<br/>on Arm doesn&amp;#39;t use queued-RW-locks, which are required to trigger the<br/>issue (on Arm32 a waiting writer doesn&amp;#39;t block further readers to get<br/>the lock).<br/><br/>IMPACT<br/>======<br/><br/>A (malicious) guest administrator could cause a denial of service (DoS)<br/>in a backend domain (other than dom0) by disabling a paravirtualized<br/>device.<br/><br/>A malicious backend could cause DoS in a guest running a Linux kernel by<br/>disabling a paravirtualized device.<br/><br/>VULNERABLE SYSTEMS<br/>==================<br/><br/>All unprivileged guests running a Linux kernel of version 5.10 and later,<br/>or with the fixes for XSA-332, are vulnerable.<br/><br/>All guest types are vulnerable.<br/><br/>Only x86- and 64-bit Arm-guests are vulnerable.<br/><br/>Arm-guests running in 32-bit mode are not vulnerable.<br/><br/>Guests not using paravirtualized drivers are not vulnerable.<br/><br/>MITIGATION<br/>==========<br/><br/>There is no known mitigation.<br/><br/>CREDITS<br/>=======<br/><br/>This issue was discovered as a bug by Marek Marczykowski-Górecki of<br/>Invisible Things Lab; the security impact was recognised by Jürgen<br/>Groß of SUSE.<br/><br/>RESOLUTION<br/>==========<br/><br/>Applying the attached patch resolves this issue.<br/><br/>Note that patches for released versions are generally prepared to<br/>apply to the stable branches, and may not apply cleanly to the most<br/>recent release tarball. Downstreams are encouraged to update to the<br/>tip of the stable branch before applying these patches.<br/><br/>xsa441-linux.patch Linux<br/><br/>$ sha256sum xsa441*<br/>937406d86dd6dd3e389fdae726a25e5f0e960f7004c314e370cb2369d6715c24 xsa441-linux.patch<br/>$<br/><br/>DEPLOYMENT DURING EMBARGO<br/>=========================<br/><br/>Deployment of the patches and/or mitigations described above (or<br/>others which are substantially similar) on the host and on VMs being<br/>administered and used only by organisations which are members of the Xen<br/>Project Security Issue Predisclosure List is permitted during the embargo,<br/>even on public-facing systems with other untrusted guest users and<br/>administrators.<br/><br/>But: Distribution of updated software is prohibited (except to other<br/>members of the predisclosure list).<br/><br/>Predisclosure list members who wish to deploy significantly different<br/>patches and/or mitigations, please contact the Xen Project Security<br/>Team.<br/><br/>Deployment of patches or mitigations is NOT permitted on VMs being<br/>administered or used by organisations which are not members of the Xen<br/>Project Security Issue Predisclosure List. On those VMs deployment is<br/>permitted only AFTER the embargo ends.<br/><br/>(Note: this during-embargo deployment notice is retained in<br/>post-embargo publicly released Xen Project advisories, even though it<br/>is then no longer applicable. This is to enable the community to have<br/>oversight of the Xen Project Security Team&amp;#39;s decisionmaking.)<br/><br/>For more information about permissible uses of embargoed information,<br/>consult the Xen Project community&amp;#39;s agreed Security Policy:<br/> http://www.xenproject.org/security-policy.html<br/>-----BEGIN PGP SIGNATURE-----<br/><br/>iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmUlNOkMHHBncEB4ZW4u<br/>b3JnAAoJEIP+FMlX6CvZOmAH/3D7dRH11wIRyFZ/nj4pwkPfPXvCDtUmaRXfAaV4<br/>Xe9ODMSevcEQpSFW4VY6eK7DP6kqYMM7myoy+np8Ttnin7+y+PYUJkxM+liqhLyT<br/>fhGi74NNuQLMvGcSKp26aIHAJNtZqWFeRTlEFJHlY4S6ENRoupWd2T2qgnts00NX<br/>R4NzZ8yQFcsmvy9gqgq6MYoa2VIrhQlpiDPX81pA/HViv0GiXab1QSYTyI9jQ2EX<br/>WC19sELYSK2jMAjuejHlw28B+giy0KxcJv6zewn3Jwn8h3ft4AI1OIh4KfOtEad+<br/>wptYB87EM76Lr3B8ipFEvN4sSU1yBnE4iVOgZpAs74mylN8=<br/>=hOm2<br/>-----END PGP SIGNATURE-----<br/>Xenproject.org Security Team<br/><br/>

Xen 是一个开放源代码虚拟机监视器，由剑桥大学开发。它打算在单个计算机上运行多达100个满特征的操作系统。操作系统必须进行显式地修改（“移植”）以在Xen上运行（但是提供对用户应用的兼容性）。这使得Xen无需特殊硬件支持，就能达到高性能的虚拟化。

<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34324">CVE-2023-34324</a></p>

暂无

暂无

http://xenbits.xen.org/xsa/advisory-441.html