Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WGAQe-0003PS-Bl@xenbits.xen.org>
Date: Wed, 19 Feb 2014 16:55:24 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD
 CPU erratum may cause host hang

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2013-6885 / XSA-82
                              version 4

          Guest triggerable AMD CPU erratum may cause host hang

UPDATES IN VERSION 4
====================

The original fix for 4.2.x and 4.1.x was found to deal with 64-bit
hypervisors only. Incremental patches to also address 32-bit ones are
now being provided in addition.

ISSUE DESCRIPTION
=================

AMD CPU erratum 793 "Specific Combination of Writes to Write Combined
Memory Types and Locked Instructions May Cause Core Hang" describes a
situation under which a CPU core may hang.

IMPACT
======

A malicious guest administrator can mount a denial of service attack
affecting the whole system.

VULNERABLE SYSTEMS
==================

The vulnerability is applicable only to family 16h model 00h-0fh AMD
CPUs.

Such CPUs running Xen versions 3.3 onwards are vulnerable.  We have
not checked earlier versions of Xen.

HVM guests can always exploit the vulnerability if it is present.
PV guests can exploit the vulnerability only if they have been granted
access to physical device(s).

Non-AMD CPUs are not vulnerable.

CREDITS
=======

This issue's security impact was discovered by Jan Beulich.

MITIGATION
==========

This issue can be avoided by neither running HVM guests, nor assigning
PCI devices to PV guests.

RESOLUTION
==========

The attached xsa82.patch contains a software workaround which resolves
this issue for 64-bit hypervisors. To also resolve the issue on 32-bit
hypervisors (Xen 4.2.x and 4.1.x only), the respective attached
xsa82-4.?-32bit.patch needs to be applied on top.

Alternatively, the recommended workaround can be implemented in
firmware, so a suitable firmware update will resolve the issue.
If you require a firmware update please consult your vendor.

xsa82.patch             Xen 4.1.x, Xen 4.2.x, Xen 4.3.x, xen-unstable
xsa82-4.1-32bit.patch   Xen 4.1.x
xsa82-4.2-32bit.patch   Xen 4.2.x

$ sha256sum xsa82*.patch
b0fb0289e1da965bc038993e07af4ba78cb746ed8f1a1865f5fec9de7299faa7  xsa82-4.1-32bit.patch
18f2ba14131975b45688e3c5f4c0a85bd78cf089c3d83ae81f86e149b8c538d6  xsa82-4.2-32bit.patch
0a58f3564ca91fd2668c202446c607fdb1ec8643e558a3921046d43675f58c08  xsa82.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJTBOHNAAoJEIP+FMlX6CvZ6TIIAMS1oTljW2yAB9daiY5P0UBf
u4X+NTUUUO6DiKLakBFjmS01oB7pApSCHmnqUqgFXlbo8KJsz3qtCLWe+IHH0Kex
8ofL/pDedcHm7bSkXCcncz8xVCqPbPrgVV+bwDXHru65/jxf0XDvPRT9af4N2eGY
wlngDFDaWLuozjOqp2mtaOSiqbUc2r43BOalMl6om2BFbF8BEBpPBkcLRxUvsQX0
noZMbknQ36mb0/+dC+pHCUfcUuLquaGNx+I+UF4HXSUdxhVniCD8hzmDxRR9i5Dn
S/g9z72LDF0cISL2K4B/iwRiCjOozHqbNimSAWuWTgj3dAWu8dClI3SQyFpOgxY=
=ie9o
-----END PGP SIGNATURE-----

Download attachment "xsa82-4.1-32bit.patch" of type "application/octet-stream" (1341 bytes)

Download attachment "xsa82-4.2-32bit.patch" of type "application/octet-stream" (1352 bytes)

Download attachment "xsa82.patch" of type "application/octet-stream" (1390 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.