Date: Thu, 28 Sep 2017 17:26:20 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security-team-members@....org> Subject: Xen Security Advisory 245 - ARM: Some memory not scrubbed at boot -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-245 ARM: Some memory not scrubbed at boot NOTE REGARDING LACK OF EMBARGO ============================== This bug was discussed publicly before it was realised that it was a security vulnerability. ISSUE DESCRIPTION ================= Data can remain readable in DRAM across soft and even hard reboots. To ensure that sensitive data is not leaked from one domain to another after a reboot, Xen must "scrub" all memory on boot (write it with zeroes). Unfortunately, it was discovered that when memory was in disjoint blocks, or when the first block didn't begin at physical address 0, arithmetic errors meant that some memory was not scrubbed. IMPACT ====== Sensitive information from one domain before a reboot might be visible to another domain after a reboot. VULNERABLE SYSTEMS ================== Only ARM systems are vulnerable. All versions of Xen since 4.5 are vulnerable. Only hardware with disjoint blocks, or physical addresses not starting at 0 are vulnerable; this includes the majority of ARM systems. MITIGATION ========== None. RESOLUTION ========== Applying the appropriate attached patches resolves this issue. xsa245/*.patch All versions of Xen $ sha256sum xsa245* xsa245*/* 121829263b85fcb5eac8e38fb44e77d3aab1dd7ae6ef665bf84bb49e5e161d24 xsa245.meta 526f9e1b127fbb316762ce8e8f4563bc9de0c55a1db581456a3017d570d35bdd xsa245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch 7164010112fcccd9cd88e72ace2eeabdb364dd6f4d05c434686267d18067f420 xsa245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZzTANAAoJEIP+FMlX6CvZHk4IAJpF4ruPkFKdCgsQ/ljjrpxO 8CVQFVwxTLtLZGUB1ZP0nFntkT/FnhDo870EmDvjPZTq3MmQwlPwVhgPqmF+tsTC aMecUftEJxHm6cSRLYiIGEphGbJZR6utjTKd7l0ddni5QtnzUED8mE5WFAq4aLrS y8FHuyghE6nwBXEMhRiDYYZ2X0MeMeTisc/0s1Loe002zcpw0RUlmys21Uzzd1Xv t4n5e4RDMLUNpfpY3o4UVWcJJi55Bpxw9ke4IMExlNSbYR5qQeNigDT0CcE1bv6n mNwlADAUKT4t/K1fyk6XJLFIdzHt5NVmN2O9cYKt6voVMu1r1dh3TgiAffAJsxk= =Pi1Y -----END PGP SIGNATURE----- Download attachment "xsa245.meta" of type "application/octet-stream" (2549 bytes) Download attachment "xsa245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in.patch" of type "application/octet-stream" (1650 bytes) Download attachment "xsa245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du.patch" of type "application/octet-stream" (2600 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ