Summary: | <app-emulation/xen-4.13.2-r3: multiple vulnerabilities (XSA-{348..359}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | hydrapolic, proxy-maint, xen |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/18676 https://github.com/gentoo/gentoo/pull/19330 |
||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Tomáš Mózes
2020-12-16 09:36:31 UTC
x86 stable amd64 done all arches done XSA-348: A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. XSA-349: A malicious guest can trigger an OOM in backends. XSA-350: A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privileged escalation and information leak cannot be ruled out. XSA-351: An unprivileged guest administrator can sample platform power/energy data. This may be used to infer the operations/data used by other contexts within the system. The research demonstrates using this sidechannel to leak the AES keys used elsewhere in the system. XSA-352: A malicious guest administrator can cause denial of service, against a specific guest or against the whole host. XSA-353: A guest administrator can deny service to the whole system simply by deleting the whole of xenstore. Additionally, depending on other software in use, privilege escalation may be possible. With the default "xl" toolstack, a guest administrator can escalate their privilege to that of the host. XSA-354: A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. XSA-356: A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. XSA-357: Seems to be unpublished, got a 404 here: https://xenbits.xenproject.org/xsa/advisory-357.html XSA-358: Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. XSA-359: Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Seems to be a couple vulnerabilities here that will allow escalating into the host, so B1. Please cleanup. Ping. Please cleanup 4.13.2-r2 is still vulnerable, right? Seems like cleanup was missed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=307e92ec30fa21aafd600f9788a23d6cb759c357 commit 307e92ec30fa21aafd600f9788a23d6cb759c357 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-02-04 19:08:56 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-02-04 22:23:39 +0000 app-emulation/xen: drop vulnerable Bug: https://bugs.gentoo.org/766474 Bug: https://bugs.gentoo.org/760144 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> app-emulation/xen/Manifest | 4 - app-emulation/xen/xen-4.13.2-r2.ebuild | 165 --------------------------------- app-emulation/xen/xen-4.13.2-r3.ebuild | 165 --------------------------------- app-emulation/xen/xen-4.14.0-r7.ebuild | 165 --------------------------------- 4 files changed, 499 deletions(-) Unable to check for sanity:
> no match for package: app-emulation/xen-4.13.2-r3
GLSA request filed. This issue was resolved and addressed in GLSA 202107-30 at https://security.gentoo.org/glsa/202107-30 by GLSA coordinator Sam James (sam_c). |