
Bug 540068 (CVE-2015-0268)

Summary: app-emulation/xen: vgic-v2: GICD_SGIR is not properly emulated (CVE-2015-0268)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: xen
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2015/02/12/14
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-02-14 16:00:55 UTC
From ${URL} :

            Xen Security Advisory CVE-2015-0268 / XSA-117
                              version 2

           arm: vgic-v2: GICD_SGIR is not properly emulated

UPDATES IN VERSION 2
====================

CVE assigned.

Mention CVE and XSA numbers in patch commit message.

Public release.

ISSUE DESCRIPTION
=================

When decoding a guest write to a specific register in the virtual
interrupt controller Xen would treat an invalid value as a critical
error and crash the host.

IMPACT
======

By writing an invalid value to the GICD.SGIR register a guest can
crash the host, resulting in a Denial of Service attack.

VULNERABLE SYSTEMS
==================

Xen 4.5 and later systems running on ARM hardware with version 2 of
the generic interrupt controller are vulnerable.

Systems running on ARM hardware with version 3 of the generic
interrupt controller are not vulnerable.

x86 systems are not affected.

MITIGATION
==========

None.

CREDITS
=======

This issue was discovered by Julien Grall.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa117.patch        Xen 4.5.x, xen-unstable



@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.

Comment 1 Yixun Lan gentoo-dev 2015-04-05 01:35:26 UTC
only ARCH=arm affected, and this is already solved in recent version.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-04-05 03:38:35 UTC
CVE-2015-0268 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0268):
  The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running
  on ARM hardware with general interrupt controller (GIC) version 2, allows
  local guest users to cause a denial of service (host crash) by writing an
  invalid value to the GICD.SGIR register.
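
The failure class described in the advisory, as an added example that is not Xen's code and not part of the advisory or the patch: a minimal C decoder for a guest write to an emulated GICD_SGIR that rejects an unusable encoding and lets the caller ignore the write, instead of treating it as a fatal error. The field layout follows the GICv2 architecture specification; `decode_sgir`, `struct sgi_request` and the choice of the reserved TargetListFilter encoding as the invalid value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* GICD_SGIR fields, per the GICv2 architecture specification. */
#define SGIR_FILTER_SHIFT 24
#define SGIR_FILTER_MASK  0x3u    /* TargetListFilter, bits [25:24] */
#define SGIR_TARGET_SHIFT 16
#define SGIR_TARGET_MASK  0xffu   /* CPUTargetList, bits [23:16] */
#define SGIR_INTID_MASK   0xfu    /* SGIINTID, bits [3:0] */

enum sgi_mode {
    SGI_TARGET_LIST   = 0,        /* CPUs named in CPUTargetList */
    SGI_TARGET_OTHERS = 1,        /* all CPUs except the requester */
    SGI_TARGET_SELF   = 2         /* only the requester */
};

/* Hypothetical decoded form used only by this example. */
struct sgi_request {
    enum sgi_mode mode;
    uint8_t target_list;          /* one bit per CPU interface */
    uint8_t intid;                /* SGI number 0..15 */
};

/*
 * Decode a guest write to the emulated GICD_SGIR.
 * Returns true and fills *out for a valid encoding. Returns false for the
 * reserved filter value so the caller can log and ignore the write.
 * Every bit of sgir is guest-controlled, so no encoding may reach an
 * assertion, abort or panic path in the hypervisor.
 */
bool decode_sgir(uint32_t sgir, struct sgi_request *out)
{
    uint32_t filter = (sgir >> SGIR_FILTER_SHIFT) & SGIR_FILTER_MASK;

    switch (filter) {
    case SGI_TARGET_LIST:
    case SGI_TARGET_OTHERS:
    case SGI_TARGET_SELF:
        out->mode = (enum sgi_mode)filter;
        break;
    default:                      /* 0b11 is reserved: reject, do not crash */
        return false;
    }
    out->target_list = (uint8_t)((sgir >> SGIR_TARGET_SHIFT) & SGIR_TARGET_MASK);
    out->intid = (uint8_t)(sgir & SGIR_INTID_MASK);
    return true;
}
```

The same rule applies to any emulated device register: a value the guest can choose must map to "handled" or "ignored", never to a host-fatal path.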