Bug 508510 (CVE-2014-2986) - <app-emulation/xen-{4.2.4-r2,4.3.2-r2,4.4.0-r2}: ARM hypervisor crash on guest interrupt controller access (XSA-94) (CVE-2014-2986)
Status: RESOLVED FIXED
Alias: CVE-2014-2986
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~3 [noglsa]
Reported: 2014-04-23 14:06 UTC by Agostino Sarubbo
Modified: 2014-05-28 00:29 UTC

Description Agostino Sarubbo gentoo-dev 2014-04-23 14:06:33 UTC
From ${URL} :

                    Xen Security Advisory XSA-94

      ARM hypervisor crash on guest interrupt controller access

ISSUE DESCRIPTION
=================

When handling a guest access to the virtual GIC distributor (interrupt
controller) Xen could dereference a pointer before checking it for
validity leading to a hypervisor crash and host Denial of Service.

IMPACT
======

A buggy or malicious guest can crash the host.

VULNERABLE SYSTEMS
==================

Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward.

x86 systems are not vulnerable.

MITIGATION
==========

None.

NOTE REGARDING LACK OF EMBARGO
==============================

This bug was publicly reported on xen-devel, before it was appreciated
that there was a security problem.

CREDITS
=======

The initial bug was discovered by Thomas Leonard and the security
aspect was diagnosed by Julien Grall.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa94.patch        xen-unstable, Xen 4.4.x



@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
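
The ordering defect the advisory describes (a pointer dereferenced before it is checked), shown next to the corrected ordering. This is an added, simplified model and not Xen's source or the XSA-94 patch; every name and constant in it (`rank_for`, `mmio_write_unchecked`, `mmio_write_checked`, `NR_RANKS`, `REGS_PER_RANK`) is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define NR_RANKS 4        /* constructed: ranks backed by this model */
#define REGS_PER_RANK 8   /* constructed: registers covered by one rank */

struct rank {
    int lock_depth;                 /* stands in for a spinlock */
    uint32_t cfg[REGS_PER_RANK];
};
static struct rank ranks[NR_RANKS];

/* Returns NULL when the guest-chosen register index has no backing rank. */
static struct rank *rank_for(uint32_t reg)
{
    uint32_t idx = reg / REGS_PER_RANK;
    return idx < NR_RANKS ? &ranks[idx] : NULL;
}

/* Defect pattern: the pointer is used (lock taken) before it is validated.
 * With rank == NULL the first access faults, which in a hypervisor is a
 * host crash. The late check is also unreliable: after the dereference a
 * compiler may assume rank is non-NULL and remove the test. */
int mmio_write_unchecked(uint32_t reg, uint32_t val)
{
    struct rank *rank = rank_for(reg);
    rank->lock_depth++;             /* dereference happens here */
    if (rank == NULL)               /* too late to help */
        return 0;
    rank->cfg[reg % REGS_PER_RANK] = val;
    rank->lock_depth--;
    return 1;
}

/* Corrected ordering: validate first, then lock and write.
 * Returns 1 if the write was applied, 0 if it was ignored. */
int mmio_write_checked(uint32_t reg, uint32_t val)
{
    struct rank *rank = rank_for(reg);
    if (rank == NULL)
        return 0;                   /* write ignored, host keeps running */
    rank->lock_depth++;
    rank->cfg[reg % REGS_PER_RANK] = val;
    rank->lock_depth--;
    return 1;
}

int main(void) { return mmio_write_checked(1000, 1) == 0 ? 0 : 1; }
```
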
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 19:25:15 UTC
CVE-2014-2986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2986):
  The vgic_distr_mmio_write function in the virtual guest interrupt controller
  (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM
  system, allows local guest users to cause a denial of service (NULL pointer
  dereference and host crash) via unspecified vectors.
Comment 2 Yixun Lan archtester gentoo-dev 2014-05-10 00:07:16 UTC
Bug fixed in the following versions; only ARCH=arm is affected (see comments in bug 509054 for more details):
xen-4.4.0-r2 xen-4.3.2-r2 xen-4.2.4-r2
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-05-27 23:46:56 UTC
Arches and Maintainer(s), thank you for your work.

Added to an existing GLSA request.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-05-27 23:53:41 UTC
Sorry, my mistake.

No GLSA needed as there are no stable versions - arm only, no stable versions.