Date: Fri, 22 Feb 2019 17:42:52 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security-team-members@....org>
Subject: Xen Security Advisory 283 v2 - Withdrawn Xen Security Advisory number

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Xen Security Advisory XSA-283
version 2

Withdrawn Xen Security Advisory number

SUMMARY
=======

The advisory XSA-283 has been withdrawn. This is because, on further
analysis, we have determined that the advisory was issued in error:
there is no security issue.

UPDATES IN VERSION 2
====================

Advisory withdrawn.

DESCRIPTION
===========

XSA-283 stated:

    VT-d: Incorrect accesses into the Interrupt Remapping table

    A VT-d IOMMU has several tables in main RAM, which are configured by
    the driver when it starts. The tables are required to be aligned on
    a 4k boundary, and the control registers in the IOMMU which point to
    them use the bottom 12 bits for additional metadata.

    Unfortunately, Xen's VT-d driver includes this metadata in its base
    pointer to the table, resulting in incorrect calculations when
    indexing into the table.

Upon closer inspection, due to the particular way the calculations are
implemented, the "metadata" components end up being eliminated without
affecting the final result.

IMPLICATIONS
============

XSA-283 does not describe any security or functional issue.

The previously declared embargo for XSA-283 is vacated. Anyone who has
information relating to XSA-283 may publish it.

NB: there are other advisories with the same embargo date. Those
advisories stand, and their embargoes REMAIN IN FORCE.

STATUS OF THE PATCHES
=====================

The patch previously published under embargo in XSA-283 is not
necessary. However, it is harmless; indeed it improves code clarity
and is likely to be included in future Xen releases in some form.
In the interests of transparency, the patch is attached:

$ sha256sum xsa283*
97069456b91064450b6da1e9834f0ab91270f3b93962ca66f2eb9315cf133055  xsa283.patch-withdrawn
$

There is no need to apply this patch. If you have already applied it,
there is no need to revert it.

CREDITS
=======

Thanks to Pawel Wieczorkiewicz and Uwe Dannowski, both of Amazon, for
pointing out that there was no actual security issue.

-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlxwNH8MHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZ9TkH/iGiPQgUhfvBOQamhBAbeCJ4877+lM+HSln3UiUy
hBvsA6mQCOsNKS2qUXQ8txE2w459V6DYbsmqFPRXLAaF7B+QMK6zPfICxwbCkyii
24qoITatBKvPpEhqzoM6VvkjpuUOi9+n41d/JVcyE53yAuA4R+bR9c36cz1j+j8J
Sd1Betvb5C51V6VQXjL/2zVb/v/fz5tuutIDC+jc7J1eHi7rN31TqizvuF19DQUu
YvSyUjfX2tSlzSp2oJ/uG1wZrAd0Ah+scViSZd6FUsCZyCiHsU02kG0zKfhXCsQ2
+3UkI+WylK2n664uUJAtvvYBkpnGejg224jqasrzGhjZASI=
=+3TC
-----END PGP SIGNATURE-----

Download attachment "xsa283.patch-withdrawn" of type "application/octet-stream" (4752 bytes)
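The DESCRIPTION section above says the metadata bits in the register value "end up being eliminated" by the way the index calculation is implemented, but does not show how. The following is an added illustration, written for this page; it is neither Xen's VT-d driver code nor the withdrawn patch. It assumes one plausible mechanism for the cancellation: the driver walks the table one 4k page at a time and maps each page by its page frame number, so the low 12 bits of whatever address it passes in are shifted away before any pointer is formed. The register layout (a size field in the low bits, a mode bit at bit 11) and the 16-byte entry size are modelled after the VT-d interrupt remapping table, and the sample register value is constructed for the demonstration. Three functions compute the same entry offset: the page-granular path, a naive path that does plain pointer arithmetic off the raw register value, and the reference computed from a metadata-free base.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not Xen code. Models a 4k-aligned interrupt
 * remapping table whose control register carries metadata in its
 * low 12 bits, and shows when that metadata does and does not leak
 * into the computed entry address. */

#define PAGE_SHIFT_4K 12
#define PAGE_SIZE_4K  (1UL << PAGE_SHIFT_4K)
#define IRE_SIZE      16UL                      /* 128-bit remapping entries */
#define IRES_PER_PAGE (PAGE_SIZE_4K / IRE_SIZE) /* 256 entries per 4k page */

/* Assumed register encoding: bits 0..11 are metadata (size field, mode
 * bit), bits 12 and up are the 4k-aligned physical table address. */
#define REG_META_MASK 0xFFFUL

/* Page-granular mapping, modelled as an identity map of a flat address
 * space: the caller hands over a page frame number, so any low bits of
 * the address it started from are already gone by the time a usable
 * address comes back. */
static uintptr_t map_page_by_frame(uintptr_t frame)
{
    return frame << PAGE_SHIFT_4K;
}

/* Entry offset as a page-granular driver computes it: pick the page that
 * holds the entry, map it by frame number, then index within the page.
 * The metadata survives into page_addr but is discarded by the shift. */
uintptr_t entry_offset_page_granular(uintptr_t reg_value, unsigned int index)
{
    uintptr_t page_addr = reg_value + (index / IRES_PER_PAGE) * PAGE_SIZE_4K;
    uintptr_t page = map_page_by_frame(page_addr >> PAGE_SHIFT_4K);
    return page + (index % IRES_PER_PAGE) * IRE_SIZE;
}

/* The same calculation done with plain pointer arithmetic off the raw
 * register value: here the metadata bits do skew every entry address. */
uintptr_t entry_offset_naive(uintptr_t reg_value, unsigned int index)
{
    return reg_value + (uintptr_t)index * IRE_SIZE;
}

/* Reference: the correct entry offset from a metadata-free base. */
uintptr_t entry_offset_reference(uintptr_t reg_value, unsigned int index)
{
    return (reg_value & ~REG_META_MASK) + (uintptr_t)index * IRE_SIZE;
}

/* Check that the page-granular path agrees with the reference for every
 * index of a table with n_entries entries. Returns 1 on full agreement. */
int metadata_cancels(uintptr_t reg_value, unsigned int n_entries)
{
    for (unsigned int i = 0; i < n_entries; i++)
        if (entry_offset_page_granular(reg_value, i) !=
            entry_offset_reference(reg_value, i))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample: table at physical 0x2000, size field 0x7 and
     * mode bit 11 set in the low 12 bits of the register value. */
    uintptr_t reg = (2UL << PAGE_SHIFT_4K) | 0x807UL;
    unsigned int idx = 300; /* crosses into the table's second page */

    printf("reference     : 0x%lx\n", (unsigned long)entry_offset_reference(reg, idx));
    printf("page-granular : 0x%lx\n", (unsigned long)entry_offset_page_granular(reg, idx));
    printf("naive         : 0x%lx\n", (unsigned long)entry_offset_naive(reg, idx));
    printf("metadata cancels across 1024 entries: %s\n",
           metadata_cancels(reg, 1024) ? "yes" : "no");
    return 0;
}
```

The takeaway for reviewers of similar code: a stray low-bit contamination in a base pointer is harmless only when every consumer truncates to page granularity before forming a pointer. The naive path above shows the off-by-metadata result such a bug produces the moment a consumer does byte-granular arithmetic instead, which is why the withdrawn patch's clean-up still has value even though no live calculation was affected.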