Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 501906 (CVE-2013-6885)

Summary: <app-emulation/xen-{4.2.4-r1,4.3.2-r1,4.4.0-r1}: Guest triggerable AMD CPU erratum may cause host hang (CVE-2013-6885) (XSA-82)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: idella4, xen
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2014/02/19/6
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-02-20 16:02:20 UTC 
From ${URL} :


             Xen Security Advisory CVE-2013-6885 / XSA-82
                              version 4

          Guest triggerable AMD CPU erratum may cause host hang

UPDATES IN VERSION 4
====================

The original fix for 4.2.x and 4.1.x was found to deal with 64-bit
hypervisors only. Incremental patches to also address 32-bit ones are
now being provided in addition.

ISSUE DESCRIPTION
=================

AMD CPU erratum 793 "Specific Combination of Writes to Write Combined
Memory Types and Locked Instructions May Cause Core Hang" describes a
situation under which a CPU core may hang.

IMPACT
======

A malicious guest administrator can mount a denial of service attack
affecting the whole system.

VULNERABLE SYSTEMS
==================

The vulnerability is applicable only to family 16h model 00h-0fh AMD
CPUs.

Such CPUs running Xen versions 3.3 onwards are vulnerable.  We have
not checked earlier versions of Xen.

HVM guests can always exploit the vulnerability if it is present.
PV guests can exploit the vulnerability only if they have been granted
access to physical device(s).

Non-AMD CPUs are not vulnerable.

CREDITS
=======

This issue's security impact was discovered by Jan Beulich.

MITIGATION
==========

This issue can be avoided by neither running HVM guests, nor assigning
PCI devices to PV guests.

RESOLUTION
==========

The attached xsa82.patch contains a software workaround which resolves
this issue for 64-bit hypervisors. To also resolve the issue on 32-bit
hypervisors (Xen 4.2.x and 4.1.x only), the respective attached
xsa82-4.?-32bit.patch needs to be applied on top.

Alternatively, the recommended workaround can be implemented in
firmware, so a suitable firmware update will resolve the issue.
If you require a firmware update please consult your vendor.

xsa82.patch             Xen 4.1.x, Xen 4.2.x, Xen 4.3.x, xen-unstable
xsa82-4.1-32bit.patch   Xen 4.1.x
xsa82-4.2-32bit.patch   Xen 4.2.x



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-05-28 00:00:21 UTC 
Is this fixed in release big bug fix Bug 500530?
Comment 2 Yixun Lan archtester gentoo-dev 2014-05-28 02:43:53 UTC 
yes, this bug is already fixed, first addressed in bug 500530 (for 4.2.3), later also included in bug #505714 (for version 4.2.4)
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-05-29 05:09:33 UTC 
Arches and Mainter(s), Thank you for your work.

Added to an existing GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-07-16 16:47:02 UTC 
This issue was resolved and addressed in
 GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).