Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 25 Feb 2015 11:15:53 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 118 (CVE-2015-1563) - arm: vgic: incorrect
 rate limiting of guest triggered logging

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-1563 / XSA-118
                              version 2

    arm: vgic: incorrect rate limiting of guest triggered logging

UPDATES IN VERSION 2
====================

CVE assigned.

ISSUE DESCRIPTION
=================

On ARM systems the code which deals with virtualising the GIC
distributor would, under various circumstances, log messages on a
guest accessible code path without appropriate rate limiting.

IMPACT
======

A malicious guest could cause repeated logging to the hypervisor
console, leading to a Denial of Service attack.

VULNERABLE SYSTEMS
==================

Xen 4.4 and later systems running on ARM hardware are vulnerable.

x86 systems are not affected.

MITIGATION
==========

The problematic log messages are issued with priority Warning.

Therefore they can be rate limited by adding "loglvl=error/warning" to the
hypervisor command line or suppressed entirely by adding "loglvl=error".

NOTE REGARDING LACK OF EMBARGO
==============================

This bug was publicly reported on xen-devel, before it was appreciated
that there was a security problem.

CREDITS
=======

This issue was discovered by Julien Grall.

RESOLUTION
==========

Applying the appropriate attached patch(es) resolves this issue.

xsa118-unstable-4.5-{1,2}.patch       xen-unstable, Xen 4.5.x
xsa118-4.4.patch                      Xen 4.4.x

$ sha256sum xsa118*.patch
5741cfe408273bd80e1a03c21a5650f963d7103fd022c688730f55dcf5373433  xsa118-4.4.patch
ee24a4c5e12b67d7539f08b644080c87797f31b4402215cd4efbbc6114bffc25  xsa118-4.5-unstable-1.patch
bd532e3cd535fcdea51f43631a519012baff068cb62d2205fc25f2c823f031eb  xsa118-4.5-unstable-2.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJU7a6RAAoJEIP+FMlX6CvZR7UH/3zahTQv65m5AZCtXcihzjjd
EuTAnc9I1yPcHqyEDgilVsDHCM25R7TA7Fn++sYTkIvzcUAwEfJDhEJxy5SOfWFo
pAVbuV8p/0iKOjsufJgY40nNGyhLknPH2p+deH6P039th0X2CdnFpxSHkewjSJQH
OTdeLUt2jfvsBBO/ufOH3z1fc+L/L119PDbcAmhiX9JzS4UeqsE9zKzDa/LfwXCm
uL5Ggk99zuyNs3xaun6zQfRErFel0qXLIl36MIiyFXtyElD0liO5h15EjityoeXH
6ZVoAex459R9Xrr3f5snoFVazzBfCwnchmMCFqpRNfH7l8VNkdzav3HoUKAbMU8=
=8ydP
-----END PGP SIGNATURE-----

Download attachment "xsa118-4.4.patch" of type "application/octet-stream" (4777 bytes)

Download attachment "xsa118-4.5-unstable-1.patch" of type "application/octet-stream" (10235 bytes)

Download attachment "xsa118-4.5-unstable-2.patch" of type "application/octet-stream" (4902 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.