From ${URL} :

Description
A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling remappable MSI interrupts, which can be exploited to bypass the interrupt-remapping protection checks and cause a panic via SERR Non-Maskable Interrupts. Successful exploitation requires a system using Intel VT-d for PCI passthrough with SERR enabled. The vulnerability is reported in versions 3.3 and later.

Solution:
No official solution is currently available.

Provided and/or discovered by:
The vendor credits Gabor Pek, CrySyS Lab.

Original Advisory:
XSA-59: http://www.openwall.com/lists/oss-security/2013/08/20/8

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
CVE-2013-3495 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3495): The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).
http://xenbits.xen.org/xsa/advisory-59.html reads

RESOLUTION
==========

There is currently no resolution to this issue.
This one has *not* been fixed in our portage, but there are patches from upstream. I'll process them and let you know when finished.

commit b206157e9c65ecf2bb2402d2b08c214307ff988a
Author: Jan Beulich <jbeulich@suse.com>
Date:   Mon May 12 17:23:46 2014 +0200

    VT-d: suppress UR signaling for desktop chipsets

    Unsupported Requests can be signaled for malformed writes to the MSI
    address region, e.g. due to buggy or malicious DMA set up to that
    region. These should normally result in IOMMU faults, but don't on
    the desktop chipsets dealt with here.

    This is CVE-2013-3495 / XSA-59.

    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Don Dugger <donald.d.dugger@intel.com>
    Acked-by: Tim Deegan <tim@xen.org>
    Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
    master commit: d6cb14b34ffc2a830022d059f1aa22bf19dcf55f
    master date: 2014-04-25 12:12:38 +0200

commit a1f07c1e8fb1e5876a2bc079259ce67e3293fb72
Author: Jan Beulich <jbeulich@suse.com>
Date:   Mon May 12 17:21:37 2014 +0200

    VT-d: suppress UR signaling for server chipsets

    Unsupported Requests can be signaled for malformed writes to the MSI
    address region, e.g. due to buggy or malicious DMA set up to that
    region. These should normally result in IOMMU faults, but don't on
    the server chipsets dealt with here.

    IDs 0xe00, 0xe01, and 0xe04 ... 0xe0b (Ivytown) aren't needed here -
    Intel confirmed the issue to be fixed in hardware there.

    This is CVE-2013-3495 / XSA-59.

    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Don Dugger <donald.d.dugger@intel.com>
    Acked-by: Tim Deegan <tim@xen.org>
    Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
    master commit: d061d200eb92bcb1d86f9b55c6de73e35ce63fdf
fixed as part of bug 512572
Setting bug 512294 as Primary (blocker) not 512572 since that one is ARM only and does not need to be stabilized.
Maintainer(s), thank you for cleanup. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201504-04 at https://security.gentoo.org/glsa/201504-04 by GLSA coordinator Yury German (BlueKnight).