Date: Thu, 05 Mar 2015 12:19:08 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security@....org> Subject: Xen Security Advisory 122 (CVE-2015-2045) - Information leak through version information hypercall -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-2045 / XSA-122 version 3 Information leak through version information hypercall UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents are copied into the destination of the operation, thus becoming visible to the guest. IMPACT ====== A malicious guest might be able to read sensitive data relating to other guests. VULNERABLE SYSTEMS ================== Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been inspected. MITIGATION ========== There is no mitigation available for this issue. CREDITS ======= This issue was discovered by Aaron Adams of NCC Group. RESOLUTION ========== Applying the attached patch resolves this issue. xsa122.patch xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x $ sha256sum xsa122*.patch 13404ef363ee347db1571ee91afaa962a68e616a7596c2441a29e26f6db9ec47 xsa122.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJU+EmQAAoJEIP+FMlX6CvZZxIIAJVuGIRZ1dEiX1VPY71dZ52t CSIBfHMpynwxT7oUwbw/Akk3d1M/uAV/8QvM1DoG9//U6hQgZfY5UVn3Ihp1k7Fy BitDKdDn3T10ys/URtotX+8+Alm1diM/6sIrAF5kG3IBf0VCkEaV5jVI0ZIuee5u AOHhj9HJN9bPRGSTlNlkRx0Tjlw8Worrluex2romagALxLEXYejOM8syuQl5qSFj VdqhNvmZV23664ZTrgSZxU17O+AajMNi+M9sYUFSPfAA8VHu42G7Ox4CqY7pxyg7 b9g2BgVVWRkZIhZPYeEr3RcxNP7wITAeFYP18c48VBd6gmHYK9sSwwSoXgYGuwE= =ddMG -----END PGP SIGNATURE----- Download attachment "xsa122.patch" of type "application/octet-stream" (1456 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.