
Bug 500528

Summary: <app-emulation/xen-{4.2.3,4.3.1-r5}: Off-by-one error in FLASK_AVC_CACHESTAT (XSA-85) (CVE-2014-1895)
Product: Gentoo Security
Reporter: Chris Reffett (RETIRED) <creffett>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: idella4
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Chris Reffett (RETIRED) gentoo-dev Security 2014-02-06 14:52:41 UTC
From ${URL}:


The FLASK_AVC_CACHESTAT hypercall, which provides access to per-cpu
statistics on the Flask security policy, incorrectly validates the
CPU for which statistics are being requested.


An attacker can cause the hypervisor to read past the end of an
array. This may result in either a host crash, leading to a denial of
service, or access to a small and static region of hypervisor memory,
leading to an information leak.

Patch available at
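
Added example, not part of the original report and not the Xen patch: a simplified C stand-in for an off-by-one in validating a per-CPU array index, next to the corrected check. NR_CPU_IDS, the table and every function name are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define NR_CPU_IDS 4u   /* assumed: valid CPU ids are 0..3 */

/* Constructed per-CPU statistics table, one slot per valid CPU id. */
struct cache_stats { unsigned lookups, hits, misses; };
static const struct cache_stats per_cpu_stats[NR_CPU_IDS] = {
    {10, 8, 2}, {20, 15, 5}, {30, 29, 1}, {40, 20, 20},
};

/* Off-by-one: cpu == NR_CPU_IDS is accepted, yet it is one past the last slot. */
int validate_cpu_off_by_one(unsigned cpu)
{
    return (cpu > NR_CPU_IDS) ? -ENOENT : 0;
}

/* Corrected: a valid index is strictly below the element count. */
int validate_cpu(unsigned cpu)
{
    return (cpu >= NR_CPU_IDS) ? -ENOENT : 0;
}

/* Copy out one CPU's statistics, indexing only after the corrected check. */
int get_cache_stats(unsigned cpu, struct cache_stats *out)
{
    if (out == NULL)
        return -EINVAL;
    if (validate_cpu(cpu) != 0)
        return -ENOENT;
    *out = per_cpu_stats[cpu];
    return 0;
}

/* First index in [0, limit] where the two checks disagree, or -1 if none. */
int first_disagreement(unsigned limit)
{
    for (unsigned cpu = 0; cpu <= limit; cpu++)
        if (validate_cpu_off_by_one(cpu) != validate_cpu(cpu))
            return (int)cpu;
    return -1;
}

int main(void)
{
    printf("checks first disagree at cpu=%d\n", first_disagreement(16));
    return 0;
}
```

The two checks differ on exactly one input, the element count itself, so a boundary test at that value is the regression test that catches this class of bug.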
Comment 1 Ian Delaney (RETIRED) gentoo-dev 2014-02-07 09:42:13 UTC
this bug could have / should have been combined with 500536.
They both patch the common file flask_op.c.

*xen-4.3.1-r5 (07 Feb 2014)
*xen-4.2.2-r4 (07 Feb 2014)

  07 Feb 2014; Ian Delaney <>
  +files/xen-4.3-CVE-2014-263-XSA-84-85.patch, +xen-4.2.2-r4.ebuild,
  +xen-4.3.1-r5.ebuild, -xen-4.2.2-r3.ebuild, -xen-4.3.1-r4.ebuild:
  revbumps; Sec patches XSA 84, 85 added wrt Sec. Bugs #500536, 500528, rm old
Comment 2 Yixun Lan archtester gentoo-dev 2014-02-13 08:44:29 UTC
Arches team please stable following ebuilds

x86, amd64:
app-emulation/xen-4.2.2-r4

amd64 only
app-emulation/xen-4.3.1-r5
Comment 3 Yixun Lan archtester gentoo-dev 2014-02-13 15:04:02 UTC
(In reply to Yixun Lan from comment #2)
> Arches team please stable following ebuilds
> x86, amd64:
> app-emulation/xen-4.2.2-r4
> amd64 only
> app-emulation/xen-4.3.1-r5

please do not stable 
We found that a few security patches are not included; besides, there is a new 4.2.3 release we'd like to roll out, plus the missing sec patches.

app-emulation/xen-4.3.1-r5 is still good to go, please stable it, thanks

also see bug #500530
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-02-13 23:53:46 UTC
OK, so that we do not call for stabilization on both bugs, I am just going to set the dependency on bug 500530, since it has a higher whiteboard priority.
Comment 5 Yixun Lan archtester gentoo-dev 2014-02-14 10:23:16 UTC
Bump to xen-4.2.3, see bug #500530 for more info. If everything goes well, this version will be the stable candidate for the 4.2.x branch. Thanks.
Comment 6 Yixun Lan archtester gentoo-dev 2014-02-15 23:20:28 UTC
Request to stable app-emulation/xen-4.3.1-r5, for amd64 only, since I've seen xen-tools-4.3.1-r5 has already gone stable, and we should really stable them together.

And please do *not* close the bug at the moment, since we still need to handle the 4.2.x series (probably 4.2.3, but we will see).
Comment 7 Agostino Sarubbo gentoo-dev 2014-02-16 06:40:27 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2014-02-16 20:00:13 UTC
Setting whiteboard to "stable?"

Still need to stable version app-emulation/xen-4.2.x

Please advise when ready to stabilize 4.2.X and what version to stable.
Comment 9 Yixun Lan archtester gentoo-dev 2014-02-19 03:31:16 UTC
please stable 

also stable app-emulation/xen-tools-4.2.3-r1 (see bug #500530)
Comment 10 Ian Delaney (RETIRED) gentoo-dev 2014-02-19 15:45:44 UTC
To complete the set, please add on the oft' forgotten xen-pvgrub-4.2.3.
This will clear the patch to purge 4.2.2.
Comment 11 Agostino Sarubbo gentoo-dev 2014-02-20 10:25:17 UTC
amd64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2014-02-20 10:25:31 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 19:26:43 UTC
CVE-2014-1895 (
  Off-by-one error in the flask_security_avc_cachestats function in
  xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of
  physical CPUs are in use, allows local users to cause a denial of service
  (host crash) or obtain sensitive information from hypervisor memory by
  leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2014-05-21 02:49:33 UTC
Multiple vulnerabilities as part of Xen, Xen-tools reclassifying as B2 (based on vulnerabilities described in Bug 500530).

Adding to existing GLSA
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-07-16 16:46:42 UTC
This issue was resolved and addressed in
 GLSA 201407-03 at
by GLSA coordinator Mikle Kolyada (Zlogene).