Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 670858 (CVE-2018-18883, XSA-282) - <app-emulation/xen-{4.10.2-r1,4.11.0-r3}: multiple vulnerabilities (XSA-{278,282})
Summary: <app-emulation/xen-{4.10.2-r1,4.11.0-r3}: multiple vulnerabilities (XSA-{278,...
Status: RESOLVED FIXED
Alias: CVE-2018-18883, XSA-282
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-10 21:23 UTC by GLSAMaker/CVETool Bot
Modified: 2018-11-25 02:08 UTC (History)
2 users (show)

See Also:
Package list:
app-emulation/xen-pvgrub-4.10.2 amd64 x86 app-emulation/xen-tools-4.10.2-r1 amd64 x86 app-emulation/xen-4.10.2-r1 amd64
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-11-10 21:23:12 UTC
CVE-2018-18883 (https://nvd.nist.gov/vuln/detail/CVE-2018-18883):
  An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms,
  allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL
  pointer dereference) or possibly have unspecified other impact because
  nested VT-x is not properly restricted.


IMPACT
======

Guest software which blindly plays with the VT-x instructions can cause Xen to operate on uninitialised data.  As the backing memory is zeroed, this causes Xen to suffer a NULL pointer dereference, causing a host Denial of Service.

Other behaviours such as memory corruption or privilege escalation have not been ruled out.
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-11 10:57:25 UTC
amd64 stable
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-12 01:16:30 UTC
x86 stable
Comment 3 Tomáš Mózes 2018-11-12 04:57:23 UTC
Please also stabilize app-emulation/xen-pvgrub on amd64, x86, thanks.
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-12 07:06:29 UTC
amd64 stable
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2018-11-13 05:41:37 UTC
XSA-282 - Awaiting CVE
https://xenbits.xen.org/xsa/advisory-282.html
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-15 15:51:42 UTC
x86 stable
Comment 7 D'juan McDonald (domhnall) 2018-11-25 01:32:26 UTC
(In reply to Yury German from comment #5)
>XSA-282 - Awaiting CVE 

CVE  	CVE-2017-17044 assigned.

 Xen Security Advisory XSA-282

             guest use of HLE constructs may lock up host

ISSUE DESCRIPTION
=================

Various Intel CPU models have an erratum listed under the title
"Processor May Hang When Executing Code In an HLE Transaction".  It
describes a potential hang when using instructions with the XACQUIRE
prefix on the host physical memory range covering the first 4 MiB
starting at the 1GiB boundary.

IMPACT
======

A malicious or buggy guest may cause a CPU to hang, resulting in a DoS
(Denial of Service) affecting the entire host.

VULNERABLE SYSTEMS
==================

All Xen versions are affected.

Only Intel based x86 systems are affected.  Please refer to Intel
documentation as to which specific CPU models are affected.

AMD x86 systems as well as Arm ones are not affected.

MITIGATION
==========

There is no known mitigation.  A BIOS update may be available for some
systems, working around the issue at the firmware level.

RESOLUTION
==========

Applying the appropriate pair of attached patches works around this issue
for the CPU models known to be affected at the time of writing.

xsa282-?.patch                              xen-unstable
xsa282-4.11-1.patch + xsa282-2.patch        Xen 4.11.x, Xen 4.10.x
xsa282-4.9-1.patch + xsa282-2.patch         Xen 4.9.x
xsa282-4.9-1.patch + xsa282-4.8-2.patch     Xen 4.8.x, Xen 4.7.x