Date: Thu, 12 Feb 2015 17:41:27 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 117 (CVE-2015-0268) - arm: vgic-v2: GICD_SGIR is not properly emulated -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-0268 / XSA-117 version 2 arm: vgic-v2: GICD_SGIR is not properly emulated UPDATES IN VERSION 2 ==================== CVE assigned. Mention CVE and XSA numbers in patch commit message. Public release. ISSUE DESCRIPTION ================= When decoding a guest write to a specific register in the virtual interrupt controller Xen would treat an invalid value as a critical error and crash the host. IMPACT ====== By writing an invalid value to the GICD.SGIR register a guest can crash the host, resulting in a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen 4.5 and later systems running on ARM hardware with version 2 of the generic interrupt controller are vulnerable. Systems running on ARM hardware with version 3 of the generic interrupt controller are not vulnerable. x86 systems are not affected. MITIGATION ========== None. CREDITS ======= This issue was discovered by Julien Grall. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa117.patch Xen 4.5.x, xen-unstable $ sha256sum xsa117*.patch 5d7c1ec3bd604ed49999a56fefeebda1206f424b1b48c0e44899f13bc1e55cd0 xsa117.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJU3OW0AAoJEIP+FMlX6CvZePcH/06WboLULU7JEfvzFqpnxpQV XmNXCuvjcOt4d/w77a78kq8Bw8RUiDHR3f6qb+sJeNsJ1V55o0/KGgydEu+DqoF7 3bftmPDvuBcqoF3+7KupjRp0sBU+11Q/Jtb+P/0ZtVReFKGxmpg8kBura56rL3wf iL1kMA4V0Kd4abmXXr6yUJMQuI19OZSQ43Zo7F9kOomyc7lcKB6vhnMtCiXw1F9Y zfnyP1V1s5h77juSe01pQhEqjDlKv/NNkfJav6s7eVYVbJAwFgUP2vOZ14t2dR+o 5M8PPwF6EFBm421Z1D67caBh1ovGzeywZcrCl8nxuex+dqwomLymIMaL0P/fY6g= =edQs -----END PGP SIGNATURE----- Download attachment "xsa117.patch" of type "application/octet-stream" (1378 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.