Bug 198995 - app-emulation/xen CR4 TSC and DR7 DoS (CVE-2007-{5907,5906})
Bug#: 198995 (CVE-2007-5906) Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: trivial Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL:  http://secunia.com/advisories/28405/
Summary: app-emulation/xen CR4 TSC and DR7 DoS (CVE-2007-{5907,5906})
Keywords:  
Status Whiteboard: ~3 [noglsa]
Opened: 2007-11-12 23:39 0000
Description:
CVE-2007-5907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5907):
  Xen 3.1.1 does not prevent modification of the CR4 TSC from applications,
  which allows pv guests to cause a denial of service (crash).

------- Comment #1 From Robert Buchholz 2007-11-12 23:39:57 0000 -------
xen, please advise :-)

------- Comment #2 From Robert Buchholz 2007-11-12 23:41:01 0000 -------
CVE-2007-5906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906):
  Xen 3.1.1 allows virtual guest system users to cause a denial of service
  (hypervisor crash) by using a debug register (DR7) to set certain
  breakpoints.

------- Comment #3 From Micheal Marineau 2007-11-16 23:52:23 0000 -------
Xen 3.1.2 has been released and includes the debug register fix; I will have it
in the portage tree soon. As for the TSC issue, the patch "x86: allow pv guests
to disable TSC for applications" was only committed to the unstable branch
(will be xen 3.2) and not included in 3.1.2. I'm not sure why. The provided
patch does not apply to the 3.1.2 branch either.

------- Comment #4 From Pierre-Yves Rofes 2007-12-09 00:01:39 0000 -------
xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other
issue.

------- Comment #5 From Robert Buchholz 2008-01-10 13:52:44 0000 -------
*** Bug 205206 has been marked as a duplicate of this bug. ***

------- Comment #6 From Pierre-Yves Rofes 2008-05-07 22:08:09 0000 -------
(In reply to comment #4)
> xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other
> issue.
> 

xen herd: 3.2 is now in portage, does it include the fix?

------- Comment #7 From Micheal Marineau 2008-05-07 22:57:57 0000 -------
(In reply to comment #6)
> (In reply to comment #4)
> > xen-3.1.2 now in portage, but still waiting for 3.2 series to fix the other
> > issue.
> > 
> 
> xen herd: 3.2 is now in portage, does it include the fix?
> 

Oops, forgot to comment on this. Yes it includes the fix.

------- Comment #8 From Robert Buchholz 2008-05-08 07:53:05 0000 -------
Thanks, closing then.