[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Xen Security Advisory 101 (CVE-2014-4022) - information leak via gnttab_setup_table on ARM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2014-4022 / XSA-101 version 3 information leak via gnttab_setup_table on ARM UPDATES IN VERSION 3 ==================== Provide the CVE. ISSUE DESCRIPTION ================= When initialising an internal data structure on ARM platform Xen was not correctly initialising the memory containing the list of a domain's grant table pages. This list is returned by the GNTTABOP_setup_table subhypercall, leading to an information leak. IMPACT ====== Malicious guest administrators can obtain some of the memory contents of other domains: Up to 8*max_nr_grant_frames bytes of uninitialised memory can be leaked to the calling domain. This memory may have been previously used by either the hypervisor or other guests. The default max_nr_grant_frames is 32, hence by default 256 bytes may be leaked in this way. However this can be overridden via the "gnttab_max_nr_frames" hypervisor command line option. VULNERABLE SYSTEMS ================== Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward. MITIGATION ========== None. CREDITS ======= This issue was discovered by Julien Grall. RESOLUTION ========== Applying the attached patch resolves this issue. xsa101.patch xen-unstable, Xen 4.4.x $ sha256sum xsa101*.patch 12ea475265a0804a3a42f620d7065a7408a5ae4b017c871847424c7247c204e9 xsa101.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTsXKlAAoJEIP+FMlX6CvZAXwH/0Km16VstdF5P72chl3u9BsE aWLe8Xdb9lmPXiIWM+q2NN+Jp8tL08Ia4fyD1OC5zJqtf6TReI9qsBkzo2O6EfjF QdTluXrfYgkob0THsDW1Nd86wxy8UBLlz1dwu+jfKkYp9gMQgTtV1NNyrXEOwn1f vepA/V2kOVss7U5+OXqe10HOm+bK4Qs0vYwu1HnG/y6/I39eP2FXw8jMDSB1pKcJ 1/zBll+R+LVXsQbJbKA6vS9RJiOeMXY1b8y6ThduVuW+bq/RydyqoTb25XPqhHcV 6FaDe3JlncXvpJp4OEaAiHPyBqPRvNgr3WWW16lFGTtlLJdc+43/24WkrLfok6o= =srxg -----END PGP SIGNATURE----- Attachment:
xsa101.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |