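- Release date: 2023-10-10
- Detection time: 2023-10-10
- Vulnerability type: Security update
- Risk level: Unknown
- Updated version: Unknown
- Intelligence contributor: TSRC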
xenstored: A transaction conflict can crash C Xenstored
XSA-440 - Xen Security Advisories

Information

- Advisory: XSA-440
- Public release: 2023-10-10 11:26
- Updated: 2023-10-10 11:26
- Version: 3
- CVE(s): CVE-2023-34323
- Title: xenstored: A transaction conflict can crash C Xenstored
- Files: advisory-440.txt (signed advisory file), xsa440.meta, xsa440-4.17.patch

Advisory

Xen Security Advisory CVE-2023-34323 / XSA-440
version 3

xenstored: A transaction conflict can crash C Xenstored

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

When a transaction is committed, C Xenstored will first check
the quota is correct before attempting to commit any nodes. It would
be possible that accounting is temporarily negative if a node has
been removed outside of the transaction.

Unfortunately, some versions of C Xenstored are assuming that the
quota cannot be negative and are using assert() to confirm it. This
will lead to C Xenstored crash when tools are built without -DNDEBUG
(this is the default).

IMPACT
======

A malicious guest could craft a transaction that will hit the C
Xenstored bug and crash it. This will result to the inability to
perform any further domain administration like starting new guests,
or adding/removing resources to or from any existing guest.

VULNERABLE SYSTEMS
==================

All versions of Xen up to and including 4.17 are vulnerable if XSA-326
was ingested.

All Xen systems using C Xenstored are vulnerable. C Xenstored built
using -DNDEBUG (can be specified via EXTRA_CFLAGS_XEN_TOOLS=-DNDEBUG)
are not vulnerable. Systems using the OCaml variant of Xenstored are
not vulnerable.

MITIGATION
==========

The problem can be avoided by using OCaml Xenstored variant.

CREDITS
=======

This issue was discovered by Stanislav Uschakow and Julien Grall, all
from Amazon.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball. Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa440-4.17.patch Xen 4.17.x - Xen 4.15.x.

$ sha256sum xsa440*
187b7edef4f509f3d7ec1662901fa638a900ab4213447438171fb2935f387014 xsa440.meta
431dab53baf2b57a299d1a151b330b62d9a007715d700e8515db71ff813d0037 xsa440-4.17.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable. This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
http://www.xenproject.org/security-policy.html

Xenproject.org Security Team
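The failure mode from the issue description, as an added C example that is neither Xenstored source nor the XSA-440 patch: a commit-time quota check that asserts on a sum a conflicting removal can drive negative, next to a variant that fails only the transaction. The struct and function names, the quota value, and the choice of `EAGAIN` for the conflict are assumptions made for illustration.

```c
#include <assert.h>
#include <errno.h>
#include <stdio.h>

/* Hypothetical model, not Xenstored source. */
struct domain_acc { int nodes; int max_nodes; };  /* live per-domain count and quota */
struct txn { int node_delta; };                   /* net node change recorded in a transaction */

/* Advisory's failure mode: the check assumes the sum can never be negative.
 * Built without -DNDEBUG, a false assert() calls abort() and kills the daemon. */
int quota_check_assert(const struct domain_acc *d, const struct txn *t)
{
    int after = d->nodes + t->node_delta;
    assert(after >= 0);
    return after > d->max_nodes ? ENOSPC : 0;
}

/* Hardened variant (an assumption, not the XSA-440 patch): treat a negative
 * sum as a conflict and fail only this transaction, leaving the daemon up. */
int quota_check_safe(const struct domain_acc *d, const struct txn *t)
{
    int after = d->nodes + t->node_delta;
    if (after < 0)
        return EAGAIN;
    return after > d->max_nodes ? ENOSPC : 0;
}

/* Constructed scenario: a transaction records the removal of the domain's
 * only node, then the same node is removed outside the transaction. */
int conflict_scenario(void)
{
    struct domain_acc d = { .nodes = 1, .max_nodes = 8 };
    struct txn t = { .node_delta = -1 };  /* removal recorded in the transaction */
    d.nodes -= 1;                         /* removal outside the transaction */
    return quota_check_safe(&d, &t);      /* sum is -1 at commit time */
}

int main(void)
{
    int rc = conflict_scenario();
    printf("conflicting commit: %s\n", rc == EAGAIN ? "EAGAIN (retry)" : "unexpected");
    return rc == EAGAIN ? 0 : 1;
}
```

Passing the same constructed state to `quota_check_assert` aborts the process in a default build, which is the crash the advisory describes; with `-DNDEBUG` the assert compiles away.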
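Xen is an open-source virtual machine monitor developed at the University of Cambridge. It is intended to run up to 100 full-featured operating systems on a single computer. Operating systems must be explicitly modified ("ported") to run on Xen (while compatibility for user applications is preserved). This allows Xen to achieve high-performance virtualization without special hardware support.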
<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34323">CVE-2023-34323</a></p>
Not available
Not available
http://xenbits.xen.org/xsa/advisory-440.html