Date: Mon, 02 Dec 2013 17:14:09 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6885 / XSA-82 version 3 Guest triggerable AMD CPU erratum may cause host hang UPDATES IN VERSION 3 ==================== Early public release. This issue was predisclosed under embargo by the Xen Project Security team, on the 27th of November. We treated the issue as not publicly known because it was not evident from the public sources that this erratum constitutes a vulnerability (particularly, that it was a vulnerability in relation to some Xen configurations). Since then, the fact that this CPU erratum is likely to constitute a security problem has been publicly disclosed, on the oss-security mailing list. Under the circumstances, and in accordance with the Xen Project security vulnerability policy, it has been decided that it is no longer appropriate to retain the embargo, as the key facts are now in the open. ISSUE DESCRIPTION ================= AMD CPU erratum 793 "Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang" describes a situation under which a CPU core may hang. IMPACT ====== A malicious guest administrator can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== The vulnerability is applicable only to family 16h model 00h-0fh AMD CPUs. Such CPUs running Xen versions 3.3 onwards are vulnerable. We have not checked earlier versions of Xen. HVM guests can always exploit the vulnerability if it is present. PV guests can exploit the vulnerability only if they have been granted access to physical device(s). Non-AMD CPUs are not vulnerable. CREDITS ======= This issue's security impact was discovered by Jan Beulich. MITIGATION ========== This issue can be avoided by neither running HVM guests, nor assigning PCI devices to PV guests. RESOLUTION ========== The attached patch contains a software workaround which resolves this issue. Alternatively, the recommended workaround can be implemented in firmware, so a suitable firmware update will resolve the issue. If you require a firmware update please consult your vendor. xsa82.patch Xen 4.1.x, Xen 4.2.x, Xen 4.3.x, xen-unstable $ sha256sum xsa82*.patch 0a58f3564ca91fd2668c202446c607fdb1ec8643e558a3921046d43675f58c08 xsa82.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSnL+JAAoJEIP+FMlX6CvZw6gIAKqUkevFcn14iRT7g6iiTjbw Fq9oiu/RtSmPDS/8FkAW6vdhYTe5cA6wCxUbErp/oZ6IwtlAmbZUQ2oVrfw8Tep/ G1hpLDkGLeRD4sqPB3Yj/RS8MUWlZhX3H9FwJLzhDqFaGiVAOHe3zl/OgwMFEnUx PYSxdgPeiU3gavpJcDd5JamID+wLkihXMOHFKtdziOZsEAuv2lhIBSCamOVc638m vRMtE4LbcUCv80EvvMxtrUDkt+M+TS2JfQK+09mr5/hFkyicoeEawYLgeWUbuNhj CWbcKdyat6GauvhL46NE/aWlbUqSXHc8jcIdCDM2pRK1NR86qJiMC5av5EcPjOo= =V/Az -----END PGP SIGNATURE----- Download attachment "xsa82.patch" of type "application/octet-stream" (1390 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.