Xen project Mailing List

[Xen-announce] Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access

To: xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx

From: Xen.org security team <security@xxxxxxx>

Date: Wed, 23 Apr 2014 15:13:02 +0000

Cc: "Xen.org security team" <security@xxxxxxx>

Delivery-date: Wed, 23 Apr 2014 15:15:22 +0000

List-id: "Xen announcements $low volume$" <xen-announce.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-2986 / XSA-94 version 2 ARM hypervisor crash on guest interrupt controller access UPDATES IN VERSION 2 ==================== This issue has been assigned CVE-2014-2986. ISSUE DESCRIPTION ================= When handling a guest access to the virtual GIC distributor (interrupt controller) Xen could dereference a pointer before checking it for validity leading to a hypervisor crash and host Denial of Service. IMPACT ====== A buggy or malicious guest can crash the host. VULNERABLE SYSTEMS ================== Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward. x86 systems are not vulnerable. MITIGATION ========== None. NOTE REGARDING LACK OF EMBARGO ============================== This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. CREDITS ======= The initial bug was discovered by Thomas Leonard and the security aspect was diagnosed by Julien Grall. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa94.patch xen-unstable, Xen 4.4.x $ sha256sum xsa94*.patch ad0f20577400756a1786daeafef86fa870727ec35b48f71f565e4a30dcbda58d xsa94.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTV9hdAAoJEIP+FMlX6CvZmDwH/2sBH/w9kPhOu+hdOAMX3dlb bmj1sLTehOKqEy8sZpDsCuJw8cRAIQn+xWPMDPj2lUggz5iVWHUgfs4Zk8o9l3qQ 9/RcnQQHFSw1Bu8lDLlH0FpE6R98ZcdX//PAviJewj10FiMOpIoBSzNpKLxst1IZ 5YPmBVCn6DfgsCjWYPPaGQMLtBWU/LbAPmpYUiIDywOd58OScekNL2hfKM0ZWzgo HPuB2DwpPsj7P43kuEJyXIHYLu00see+uEXXKd591mmznVtSXSrzVVaKPjeTfh9D WEGqCxOof5slzwofbMFflBL1SW6d6f0Llui/7cMEDITSXeCaP2wqMb34p/g68+w= =BNcq -----END PGP SIGNATURE-----

Attachment: xsa94.patch
Description: Binary data

_______________________________________________ Xen-announce mailing list Xen-announce@xxxxxxxxxxxxx http://lists.xen.org/xen-announce

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.