|
Message-Id: <E1Wcyr8-0001eE-Nk@xenbits.xen.org>
Date: Wed, 23 Apr 2014 15:13:02 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash
on guest interrupt controller access
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Xen Security Advisory CVE-2014-2986 / XSA-94
version 2
ARM hypervisor crash on guest interrupt controller access
UPDATES IN VERSION 2
====================
This issue has been assigned CVE-2014-2986.
ISSUE DESCRIPTION
=================
When handling a guest access to the virtual GIC distributor (interrupt
controller) Xen could dereference a pointer before checking it for
validity leading to a hypervisor crash and host Denial of Service.
IMPACT
======
A buggy or malicious guest can crash the host.
VULNERABLE SYSTEMS
==================
Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward.
x86 systems are not vulnerable.
MITIGATION
==========
None.
NOTE REGARDING LACK OF EMBARGO
==============================
This bug was publicly reported on xen-devel, before it was appreciated
that there was a security problem.
CREDITS
=======
The initial bug was discovered by Thomas Leonard and the security
aspect was diagnosed by Julien Grall.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa94.patch xen-unstable, Xen 4.4.x
$ sha256sum xsa94*.patch
ad0f20577400756a1786daeafef86fa870727ec35b48f71f565e4a30dcbda58d xsa94.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJTV9hdAAoJEIP+FMlX6CvZmDwH/2sBH/w9kPhOu+hdOAMX3dlb
bmj1sLTehOKqEy8sZpDsCuJw8cRAIQn+xWPMDPj2lUggz5iVWHUgfs4Zk8o9l3qQ
9/RcnQQHFSw1Bu8lDLlH0FpE6R98ZcdX//PAviJewj10FiMOpIoBSzNpKLxst1IZ
5YPmBVCn6DfgsCjWYPPaGQMLtBWU/LbAPmpYUiIDywOd58OScekNL2hfKM0ZWzgo
HPuB2DwpPsj7P43kuEJyXIHYLu00see+uEXXKd591mmznVtSXSrzVVaKPjeTfh9D
WEGqCxOof5slzwofbMFflBL1SW6d6f0Llui/7cMEDITSXeCaP2wqMb34p/g68+w=
=BNcq
-----END PGP SIGNATURE-----
Download attachment "xsa94.patch" of type "application/octet-stream" (1164 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.