Date: Wed, 23 Apr 2014 15:13:02 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-2986 / XSA-94 version 2 ARM hypervisor crash on guest interrupt controller access UPDATES IN VERSION 2 ==================== This issue has been assigned CVE-2014-2986. ISSUE DESCRIPTION ================= When handling a guest access to the virtual GIC distributor (interrupt controller) Xen could dereference a pointer before checking it for validity leading to a hypervisor crash and host Denial of Service. IMPACT ====== A buggy or malicious guest can crash the host. VULNERABLE SYSTEMS ================== Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward. x86 systems are not vulnerable. MITIGATION ========== None. NOTE REGARDING LACK OF EMBARGO ============================== This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= The initial bug was discovered by Thomas Leonard and the security aspect was diagnosed by Julien Grall. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa94.patch xen-unstable, Xen 4.4.x $ sha256sum xsa94*.patch ad0f20577400756a1786daeafef86fa870727ec35b48f71f565e4a30dcbda58d xsa94.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTV9hdAAoJEIP+FMlX6CvZmDwH/2sBH/w9kPhOu+hdOAMX3dlb bmj1sLTehOKqEy8sZpDsCuJw8cRAIQn+xWPMDPj2lUggz5iVWHUgfs4Zk8o9l3qQ 9/RcnQQHFSw1Bu8lDLlH0FpE6R98ZcdX//PAviJewj10FiMOpIoBSzNpKLxst1IZ 5YPmBVCn6DfgsCjWYPPaGQMLtBWU/LbAPmpYUiIDywOd58OScekNL2hfKM0ZWzgo HPuB2DwpPsj7P43kuEJyXIHYLu00see+uEXXKd591mmznVtSXSrzVVaKPjeTfh9D WEGqCxOof5slzwofbMFflBL1SW6d6f0Llui/7cMEDITSXeCaP2wqMb34p/g68+w= =BNcq -----END PGP SIGNATURE----- Download attachment "xsa94.patch" of type "application/octet-stream" (1164 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.