
Bug 499124 (CVE-2014-1666)

Summary: <app-emulation/xen-{4.2.3-r1,4.3.1-r5}: Denial of Service via unsecured PHYSDEVOP_{prepare,release}_msix (XSA-87) (CVE-2014-1666)
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Chris Reffett (RETIRED) <creffett>
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
Priority: Normal
CC: dlan, xen
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2014/01/24/4
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Chris Reffett (RETIRED) gentoo-dev Security 2014-01-24 14:06:45 UTC
From ${URL}:

The PHYSDEVOP_{prepare,release}_msix operations are supposed to be available
to privileged guests (domain 0 in non-disaggregated setups) only, but the
necessary privilege check was missing.

IMPACT
======

Malicious or misbehaving unprivileged guests can cause the host or other
guests to malfunction. This can result in host-wide denial of service.
Privilege escalation, while seeming to be unlikely, cannot be excluded.

Patches available at http://xenbits.xen.org/xsa/advisory-87.html

Comment 1 Yixun Lan archtester gentoo-dev 2014-01-24 15:45:07 UTC
fixed, patch included in following versions

app-emulation/xen-4.2.2-r3
app-emulation/xen-4.3.1-r4

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-01-27 12:36:54 UTC
*** Bug 499428 has been marked as a duplicate of this bug. ***

Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 18:27:49 UTC
CVE-2014-1666 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666):
  The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and
  4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix
  and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to
  cause a denial of service (host or guest malfunction) or possibly gain
  privileges via unspecified vectors.

Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-05-21 03:31:49 UTC
Fixed as part of Bug 500530.

Adding to existing GLSA.

Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-07-16 16:46:40 UTC
This issue was resolved and addressed in
 GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).