Date: Tue, 05 Sep 2023 12:13:10 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security-team-members@....org>
Subject: Xen Security Advisory 437 v2 (CVE-2023-34321) - arm32: The cache may not be properly cleaned/invalidated

Xen Security Advisory CVE-2023-34321 / XSA-437
version 2

arm32: The cache may not be properly cleaned/invalidated

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

Arm provides multiple helpers to clean & invalidate the cache for a
given region. This is, for instance, used when allocating guest memory
to ensure any writes (such as the ones during scrubbing) have reached
memory before handing over the page to a guest.

Unfortunately, the arithmetic in the helpers can overflow, in which
case the cache cleaning/invalidation is skipped. There is therefore no
guarantee as to when all the writes will reach memory.

IMPACT
======

A malicious guest may be able to read sensitive data from memory that
previously belonged to another guest.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Only systems running Xen on Arm 32-bit are vulnerable. Xen on Arm
64-bit is not affected.

MITIGATION
==========

There is no known mitigation.

CREDITS
=======

This issue was discovered by Julien Grall of Amazon.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball. Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa437/xsa437.patch           xen-unstable - Xen 4.17.x
xsa437/xsa437-4.16.patch      Xen 4.16.x - Xen 4.15.x

$ sha256sum xsa437* xsa437*/*
259b872275d9d77fc1744df886ffe611d933889bb5ea2833f3c7d8f554eff061  xsa437.meta
31b1a4050403fc83d4ea7619155105001cfd2f739ceb0b0cc7212ab7d0b9d559  xsa437/xsa437.patch
ada8ba64e8562ff6016d456e08b7a171ef356cf476c643df9f66b8650009115c  xsa437/xsa437-4.16.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable. This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html

Attachment "xsa437.meta" of type "application/octet-stream" (1099 bytes)
Attachment "xsa437/xsa437.patch" of type "application/octet-stream" (4739 bytes)
Attachment "xsa437/xsa437-4.16.patch" of type "application/octet-stream" (4714 bytes)
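
The failure mode described under ISSUE DESCRIPTION, modelled in C as an added example (not code from Xen or from the attached patches). It assumes the overflow arises when a helper forms an end address as start plus size, which the advisory text does not spell out; uint32_t stands in for an arm32 address, and the 64-byte line size, function names and sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LINE 64u                      /* assumed cache line size, bytes */

static unsigned lines_touched;        /* stand-in for real cache maintenance */
static void maintain_line(uint32_t va) { (void)va; lines_touched++; }

/* Fragile: forms an absolute end address. uint32_t models an arm32 pointer,
 * so start + size wraps modulo 2^32 when the region ends at the top of the
 * address space; end becomes 0 and the loop body never runs. */
unsigned clean_by_end_address(uint32_t start, uint32_t size)
{
    uint32_t end = start + size;
    lines_touched = 0;
    for (uint32_t p = start & ~(LINE - 1); p < end; p += LINE)
        maintain_line(p);
    return lines_touched;
}

/* Robust: walks an offset bounded by the length, so no end address exists
 * to wrap. The offset is 64-bit here so the loop counter cannot wrap either. */
unsigned clean_by_offset(uint32_t start, uint32_t size)
{
    uint32_t base = start & ~(LINE - 1);
    uint64_t span = (uint64_t)size + (start - base);
    lines_touched = 0;
    for (uint64_t off = 0; off < span; off += LINE)
        maintain_line(base + (uint32_t)off);
    return lines_touched;
}

int main(void)
{
    /* Constructed inputs: one 4 KiB page mid-space, one at the very top. */
    const uint32_t pages[] = { 0x80000000u, 0xFFFFF000u };
    for (int i = 0; i < 2; i++)
        printf("page %#010x: end-address loop %u lines, offset loop %u lines\n",
               (unsigned)pages[i], clean_by_end_address(pages[i], 4096),
               clean_by_offset(pages[i], 4096));
    return 0;
}
```

In this model the page at the top of the address space gets no cache maintenance at all from the end-address loop, which is the silent skip the advisory warns about; the offset loop covers all of its lines.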