Xen project Mailing List

[Xen-devel] Xen Security Advisory 63 (CVE-2013-4355) - Information leaks through I/O instruction emulation

To: xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx

From: Xen.org security team <security@xxxxxxx>

Date: Mon, 30 Sep 2013 12:04:15 +0000

Cc: "Xen.org security team" <security@xxxxxxx>

Delivery-date: Mon, 30 Sep 2013 12:04:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-4355 / XSA-63 version 3 Information leaks through I/O instruction emulation UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= Insufficient or missing error handling in certain routines dealing with guest memory reads can lead to uninitialized data on the hypervisor stack (potentially containing sensitive data from prior work the hypervisor performed) being copied to guest visible storage. This allows a malicious HVM guest to craft certain operations (namely, but not limited to, port or memory mapped I/O writes) involving physical or virtual addresses that have no actual memory associated with them, so that hypervisor stack contents are copied into the destination of the operation, thus becoming visible to the guest. IMPACT ====== A malicious HVM guest might be able to read sensitive data relating to other guests. VULNERABLE SYSTEMS ================== Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been inspected. Only HVM guests can take advantage of this vulnerability. MITIGATION ========== Running only PV guests will avoid this issue. CREDITS ======= This issue was discovered by Coverity Scan and diagnosed by Andrew Cooper & Tim Deegan. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa63.patch Xen 4.2.x, 4.3.x, and unstable $ sha256sum xsa63*.patch 32fa93d8ebdfbe85931c52010bf9e561fdae8846462c5b1f2fbc217ca36f3005 xsa63.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSSUhEAAoJEIP+FMlX6CvZGUsH/13jBs/EU8H/mqXCO7gQXIrm tPp/gsjxxxhVrwOjmmJZShQ8CWU8T3zL0RKaaGBJzAd+imnXQdb+il1vkNYT8edH zSB9WN3o/WNu7bzlhm3ro67WlwhXSY2yea7Bj/9bg2//T5RgoXsewX+LbCAJ3Z44 fflCQsCuvpl77oIcftIe5rcJAtHR4Jb5/4Ps+MzxI52oS3m2BGXv/qOTpDfy7qsp 7j/219hChnGVoZ1u/2m0i1789/9tYWM7jFbvqVYH6yHTEgk1ds8Cnn/uHQ8zXjKI CW8E5HGKOHOpTtJjDF0h3OqcK8vG7qKgHULDziXV//QWPP3uH/dAQCjQO9uS8r4= =RilU -----END PGP SIGNATURE-----

Attachment: xsa63.patch
Description: Binary data

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.