[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-announce] Xen Security Advisory 87 (CVE-2014-1666) - PHYSDEVOP_{prepare, release}_msix exposed to unprivileged guests



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2014-1666 / XSA-87
                              version 2

     PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests

UPDATES IN VERSION 2
====================

CVE assigned.

ISSUE DESCRIPTION
=================

The PHYSDEVOP_{prepare,release}_msix operations are supposed to be available
to privileged guests (domain 0 in non-disaggregated setups) only, but the
necessary privilege check was missing.

IMPACT
======

Malicious or misbehaving unprivileged guests can cause the host or other
guests to malfunction. This can result in host-wide denial of service.
Privilege escalation, while seeming to be unlikely, cannot be excluded.

VULNERABLE SYSTEMS
==================

Xen 4.1.5 and 4.1.6.1 as well as 4.2.2 and later are vulnerable.
Xen 4.2.1 and 4.2.0 as well as 4.1.4 and earlier are not vulnerable.

Only PV guests can take advantage of this vulnerability.

MITIGATION
==========

Running only HVM guests will avoid this issue.

There is no mitigation available for PV guests.

NOTE REGARDING LACK OF EMBARGO
==============================

This issue was disclosed publicly on the xen-devel mailing list.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa87-unstable-4.3.patch    xen-unstable, Xen 4.3.x
xsa87-4.2.patch             Xen 4.2.x
xsa87-4.1.patch             Xen 4.1.x

$ sha256sum xsa87*.patch
45e5cc892626293067cc088a671a6bbdc18b018f54ff09b6a1cbb1fabbdf114d  
xsa87-4.1.patch
df9c1507d7bb0e5266a2fadd992d1e6ed0f7bf5be7466b8a93ed3bd8e3ab8e8d  
xsa87-4.2.patch
a13ce270b177d33537d627b85471abaa01215cd458541f4c6524914d7c81eb38  
xsa87-unstable-4.3.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJS4ojJAAoJEIP+FMlX6CvZKpsH/3lVDKRMvFVkaHVPt1uRhqQo
HxBDflm//lR5M8j8364rRSknSv8X2m/JfKJ7DCbX0WQWPrIU/i8MzTHM9fQqLvAR
QYEhXYZC+ctkqk/sUvQaxOkyu8bNszuIOlWM9GuH2OnFN68zSl7kXiX7KZ5dHoYQ
eNAjQeCXNaXTiSo3X3ZIFwZOlpkUj+NxJnZlZx5Hb/m5WH86FeqBNMi/jZB/i53F
LFu7rhJ4rq25jbfuLp1ISBs5GA+71pNRvhukHijQHks1fApKhqmUiDhrBYX21l/Y
5GJLG6L3sYdScjoeHu+QH0akwTC5L+BauMLMWljJOTKvL0p2yU/vDc2JMjXXnzk=
=morx
-----END PGP SIGNATURE-----

Attachment: xsa87-4.1.patch
Description: Binary data

Attachment: xsa87-4.2.patch
Description: Binary data

Attachment: xsa87-unstable-4.3.patch
Description: Binary data

_______________________________________________
Xen-announce mailing list
Xen-announce@xxxxxxxxxxxxx
http://lists.xen.org/xen-announce

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.