
Bug 766474 (CVE-2021-3308, XSA-360)

Summary: <app-emulation/xen-{4.13.2-r4,4.14.1}: host DoS via malicious guest (XSA-360, CVE-2021-3308)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: hydrapolic, proxy-maint, xen
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
URL: https://markmail.org/message/bcic2rku2hg4dafb
See Also: https://github.com/gentoo/gentoo/pull/19128
https://github.com/gentoo/gentoo/pull/19330
Whiteboard: B3 [glsa+ cve]
Package list:
Runtime testing required: ---

Description John Helmert III gentoo-dev Security 2021-01-22 02:45:05 UTC
XSA-360:

ISSUE DESCRIPTION
=================

An x86 HVM guest with PCI pass through devices can force the allocation
of all IDT vectors on the system by rebooting itself with MSI or MSI-X
capabilities enabled and entries set up.

Such reboots will leak any vectors used by the MSI(-X) entries that the
guest might have enabled, and hence will lead to vector exhaustion on the
system, not allowing further PCI pass through devices to work properly.

IMPACT
======

HVM guests with PCI pass through devices can mount a Denial of Service (DoS)
attack affecting the pass through of PCI devices to other guests or the
hardware domain.  In the latter case this would affect the entire host.

VULNERABLE SYSTEMS
==================

Xen versions 4.12.3, 4.12.4, and all versions from 4.13.1 onwards are
vulnerable.  Xen version 4.13.0 and all versions up to 4.12.2 are not
affected.

Only x86 systems running HVM guests with PCI pass through devices are
vulnerable.


Patch at $URL, please apply it if there's no release addressing this.
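
An added example, not part of the advisory or of this bug report: only HVM guests with PCI pass through devices meet the advisory's precondition, so this Python script scans xl guest configuration text for that combination. The sample configs are constructed; it assumes static `pci = [...]` assignments in xl.cfg syntax and does not see devices attached at runtime.

```python
import re

# Constructed sample xl guest configs, keyed by file name (not from the page).
SAMPLES = {
    "web01.cfg": 'name = "web01"\ntype = "hvm"\n'
                 'pci = [ "0000:03:00.0",\n        "0000:03:00.1,permissive=1" ]\n',
    "db01.cfg": 'name = "db01"\nbuilder = "hvm"\n#pci = [ "0000:04:00.0" ]\n',
    "pv01.cfg": "name = 'pv01'\ntype = 'pv'\npci = [ '0000:05:00.0' ]\n",
}

SCALAR = r'^\s*{key}\s*=\s*["\']([^"\']*)["\']'
PCI_LIST = re.compile(r'^\s*pci\s*=\s*\[(.*?)\]', re.M | re.S)


def parse_guest(text):
    """Return (name, is_hvm, pci_devices) for one xl guest config."""
    # Drop comments first so a commented-out pci= line is not counted.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())

    def scalar(key):
        m = re.search(SCALAR.format(key=key), body, re.M)
        return m.group(1) if m else None

    # type="hvm" is the current key; builder="hvm" is the older spelling.
    # With neither key present the guest is treated as not HVM.
    kinds = {(scalar(k) or "").lower() for k in ("type", "builder")}
    m = PCI_LIST.search(body)
    entries = re.findall(r'["\']([^"\']+)["\']', m.group(1)) if m else []
    # Keep only the device address, dropping ",option=value" suffixes.
    devices = [e.split(",", 1)[0].strip() for e in entries]
    return scalar("name"), "hvm" in kinds, devices


def exposed_guests(configs):
    """Guests matching the precondition: HVM plus at least one PCI device."""
    hits = {}
    for path, text in configs.items():
        name, is_hvm, devices = parse_guest(text)
        if is_hvm and devices:
            hits[name or path] = devices
    return hits


if __name__ == "__main__":
    for guest, devs in exposed_guests(SAMPLES).items():
        print(f"{guest}: HVM with PCI pass through: {', '.join(devs)}")
```
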
Comment 1 John Helmert III gentoo-dev Security 2021-02-01 23:11:52 UTC
Please proceed with stabilization when ready, thanks!
Comment 3 NATTkA bot gentoo-dev 2021-02-03 16:08:54 UTC
All sanity-check issues have been resolved
Comment 4 Sam James archtester gentoo-dev Security 2021-02-04 14:09:26 UTC
amd64 done

all arches done
Comment 5 John Helmert III gentoo-dev Security 2021-02-04 14:52:10 UTC
Not sure how I missed CCing maintainers...

Please clean up.
Comment 6 Larry the Git Cow gentoo-dev 2021-02-04 22:27:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=307e92ec30fa21aafd600f9788a23d6cb759c357

commit 307e92ec30fa21aafd600f9788a23d6cb759c357
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-02-04 19:08:56 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-02-04 22:23:39 +0000

    app-emulation/xen: drop vulnerable
    
    Bug: https://bugs.gentoo.org/766474
    Bug: https://bugs.gentoo.org/760144
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   4 -
 app-emulation/xen/xen-4.13.2-r2.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.13.2-r3.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.14.0-r7.ebuild | 165 ---------------------------------
 4 files changed, 499 deletions(-)
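Review bot: the commit message says only "drop vulnerable", while the diffstat removes xen-4.13.2-r2, xen-4.13.2-r3 and xen-4.14.0-r7 and the trailer points at two separate bugs; naming the removed versions and the advisory each bug covers in the message body would let the log be read without opening both reports. The bug summary lists everything below 4.13.2-r4 and 4.14.1 as affected, so it is also worth confirming that no other ebuild below those versions remains in app-emulation/xen after this removal.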
Comment 7 John Helmert III gentoo-dev Security 2021-07-06 02:51:36 UTC
GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2021-07-12 02:50:53 UTC
This issue was resolved and addressed in
 GLSA 202107-30 at https://security.gentoo.org/glsa/202107-30
by GLSA coordinator Sam James (sam_c).