Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 497082 (CVE-2013-6400) - <app-emulation/xen-{4.2.3-r1,4.3.1-r5}: IOMMU TLB flushing may be inadvertently suppressed (XSA-80) (CVE-2013-6400)
Summary: <app-emulation/xen-{4.2.3-r1,4.3.1-r5}: IOMMU TLB flushing may be inadvertent...
Alias: CVE-2013-6400
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Depends on:
Reported: 2014-01-05 02:18 UTC by Chris Reffett (RETIRED)
Modified: 2014-07-16 16:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Chris Reffett (RETIRED) gentoo-dev Security 2014-01-05 02:18:42 UTC
From ${URL}:

An internal flag is used to temporarily suppress IOMMU TLB flushes, in
order to consolidate multiple single page flushes into one wider
flush.  This flag is not cleared again, on certain error paths.  This
can result in TLB flushes not happening when they are needed.
Retaining stale TLB entries could allow guests access to memory that
ought to have been revoked, or grant greater access than intended.

Patch available, see
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2014-01-05 02:20:26 UTC
Whoops, hit post too early. Patch is at Calling this B4, info leak.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-01-05 02:20:30 UTC
CVE-2013-6400 (
  Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been
  assigned, does not clear the flag that suppresses IOMMU TLB flushes when
  unspecified errors occur, which causes the TLB entries to not be flushed and
  allows local guest administrators to cause a denial of service (host crash)
  or gain privileges via unspecified vectors.
Comment 3 Samuel Damashek (RETIRED) gentoo-dev 2014-01-05 02:27:00 UTC
Per the Secunia advisory (, it appears this vulnerability, when successfully exploited, can be used by malicious local users to gain escalated privileges. Thus, escalating this to B1.
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2014-01-17 02:44:34 UTC
*xen-4.3.1-r3 (06 Jan 2014)
*xen-4.3.0-r6 (06 Jan 2014)

  06 Jan 2014; Ian Delaney <>
  +files/xen-CVE-2013-4554-XSA-76.patch, +files/xen-CVE-2013-6400-XSA-80.patch,
  +xen-4.3.0-r6.ebuild, +xen-4.3.1-r3.ebuild:
  add new sec patches, revbumps, patches prepared by dlan
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-01-20 18:50:50 UTC
Are we ready to stabilize the versions that are committed?
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2014-05-21 03:28:13 UTC
Fixed as part of Bug 500530.

Adding to existing GLSA.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-07-16 16:46:29 UTC
This issue was resolved and addressed in
 GLSA 201407-03 at
by GLSA coordinator Mikle Kolyada (Zlogene).