Bug 515106 (CVE-2014-4022)

Summary: <app-emulation/xen-4.4.0-r5: information leak via gnttab_setup_table on ARM (XSA-101) (CVE-2014-4022)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: xen
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2014/06/25/5
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-06-25 15:51:25 UTC
From ${URL} :

                    Xen Security Advisory XSA-101
                            version 2

            information leak via gnttab_setup_table on ARM

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

When initialising an internal data structure on ARM platform Xen was
not correctly initialising the memory containing the list of a
domain's grant table pages. This list is returned by the
GNTTABOP_setup_table subhypercall, leading to an information leak.

IMPACT
======

Malicious guest administrators can obtain some of the memory contents
of other domains:

Up to 8*max_nr_grant_frames bytes of uninitialised memory can be
leaked to the calling domain. This memory may have been previously
used by either the hypervisor or other guests.

The default max_nr_grant_frames is 32, hence by default 256 bytes may
be leaked in this way.  However this can be overridden via the
"gnttab_max_nr_frames" hypervisor command line option.

VULNERABLE SYSTEMS
==================

Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward.

MITIGATION
==========

None.

CREDITS
=======

This issue was discovered by Julien Grall.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa101.patch        xen-unstable, Xen 4.4.x



@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Yixun Lan archtester gentoo-dev 2014-07-09 06:37:09 UTC
+*xen-4.4.0-r5 (09 Jul 2014)
+*xen-4.3.2-r4 (09 Jul 2014)
+*xen-4.2.4-r4 (09 Jul 2014)
+
+  09 Jul 2014; Yixun Lan <dlan@gentoo.org> +xen-4.2.4-r4.ebuild,
+  +xen-4.3.2-r4.ebuild, +xen-4.4.0-r5.ebuild:
+  bump stable/security patches, fix bug 515106, 513824
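Review bot: the entry text on the last line ("bump stable/security patches, fix bug 515106, 513824") does not say which fix lands in which ebuild, while the advisory quoted in this bug lists XSA-101 as affecting Xen 4.4 onward only. Suggest naming the advisory and CVE next to the version that carries the patch, for example XSA-101 (CVE-2014-4022) against xen-4.4.0-r5, and stating what the 4.2.4-r4 and 4.3.2-r4 bumps address. The entry also records only additions, so the removal of the affected versions requested in the description cannot be traced from this change.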
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-07-10 04:56:46 UTC
CVE-2014-4022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4022):
  The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when
  running on an ARM platform, does not properly initialize the structure
  containing the grant table pages for a domain, which allows local guest
  administrators to obtain sensitive information via the GNTTABOP_setup_table
  subhypercall.
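
A simplified user-space model of the defect class described in this bug, added here as an illustration and not taken from Xen or from xsa101.patch: a recycled allocation holding a list of 8-byte entries is copied to the caller before every entry has been written. The names `heap_page`, `alloc_frame_list` and `reply_and_count_leak` and all data values are constructed, and zeroing at allocation time is assumed as the remedy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NR_GRANT_FRAMES 32   /* default quoted in the advisory */

/* Constructed stand-in for heap memory that another owner used earlier. */
static uint64_t heap_page[MAX_NR_GRANT_FRAMES];

/* Model allocator: returns the recycled page, zeroed only when asked. */
static uint64_t *alloc_frame_list(int zero_on_alloc)
{
    for (size_t i = 0; i < MAX_NR_GRANT_FRAMES; i++)
        heap_page[i] = (0x5EC2E7ULL << 32) | i;   /* constructed stale data */
    if (zero_on_alloc)
        memset(heap_page, 0, sizeof heap_page);
    return heap_page;
}

/* Model of a setup_table-style reply: nr_populated entries are written, then
 * nr_requested entries are copied to the guest buffer. Returns how many bytes
 * of the reply still hold the previous owner's data. */
static size_t reply_and_count_leak(int zero_on_alloc, size_t nr_populated,
                                   size_t nr_requested, uint64_t *guest_buf)
{
    size_t leaked = 0;
    if (nr_requested > MAX_NR_GRANT_FRAMES || nr_populated > nr_requested)
        return (size_t)-1;                        /* out-of-range request */

    uint64_t *list = alloc_frame_list(zero_on_alloc);
    for (size_t i = 0; i < nr_populated; i++)
        list[i] = 0x1000 + i;                     /* constructed frame numbers */

    memcpy(guest_buf, list, nr_requested * sizeof *list);
    for (size_t i = nr_populated; i < nr_requested; i++)
        if (guest_buf[i] != 0)
            leaked += sizeof guest_buf[i];
    return leaked;
}

int main(void)
{
    uint64_t buf[MAX_NR_GRANT_FRAMES];
    size_t raw = reply_and_count_leak(0, 0, MAX_NR_GRANT_FRAMES, buf);
    size_t zeroed = reply_and_count_leak(1, 0, MAX_NR_GRANT_FRAMES, buf);
    printf("no zeroing: %zu bytes leaked, zeroing: %zu bytes leaked\n", raw, zeroed);
    return 0;
}
```

With the default of 32 entries and nothing populated, the unzeroed path returns the full 8*32 = 256 bytes of stale data, matching the bound stated in the advisory.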
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-07-10 04:58:12 UTC
Maintainer(s), Thank you for cleanup!

No GLSA needed as there are no stable versions.