Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 482138 (CVE-2013-3495) - <app-emulation/xen-{4.2.5-r8,4.4.2-r1}: MSI Interrupt Remapping Denial of Service Vulnerability (CVE-2013-3495)
Summary: <app-emulation/xen-{4.2.5-r8,4.4.2-r1}: MSI Interrupt Remapping Denial of Ser...
Status: RESOLVED FIXED
Alias: CVE-2013-3495
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/54341/
Whiteboard: A3 [glsa]
Keywords:
Depends on: 512294
Blocks:
  Show dependency tree
 
Reported: 2013-08-22 20:13 UTC by Agostino Sarubbo
Modified: 2015-04-11 20:37 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-08-22 20:13:19 UTC
From ${URL} :

Description

A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a 
guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling remappable MSI interrupts, which can be 
exploited to bypass the interrupt-remapping protection checks and cause a panic via SERR 
Non-Maskable Interrupts.

Successful exploitation requires a system using Intel VT-d for PCI passthrough with SERR enabled.

The vulnerability is reported in versions 3.3 and later.


Solution:
No official solution is currently available.

Provided and/or discovered by:
The vendor credits Gabor Pek, CrySyS Lab.

Original Advisory:
XSA-59:
http://www.openwall.com/lists/oss-security/2013/08/20/8


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-08-30 00:24:47 UTC
CVE-2013-3495 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3495):
  The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows
  local guests to cause a denial of service (kernel panic) via a malformed
  Message Signaled Interrupt (MSI) from a PCI device that is bus mastering
  capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt
  (NMI).
Comment 2 Ian Delaney (RETIRED) gentoo-dev 2013-11-06 10:20:08 UTC
http://xenbits.xen.org/xsa/advisory-59.html

reads 

RESOLUTION
==========

There is currently no resolution to this issue.
Comment 3 Yixun Lan gentoo-dev 2014-06-11 01:53:53 UTC
this one has *not* been fixed in our portage, but there are patches from upstream, I'll processed, and let you know when finished.

commit b206157e9c65ecf2bb2402d2b08c214307ff988a
Author: Jan Beulich <jbeulich@suse.com>
Date:   Mon May 12 17:23:46 2014 +0200

    VT-d: suppress UR signaling for desktop chipsets
    
    Unsupported Requests can be signaled for malformed writes to the MSI
    address region, e.g. due to buggy or malicious DMA set up to that
    region. These should normally result in IOMMU faults, but don't on
    the desktop chipsets dealt with here.
    
    This is CVE-2013-3495 / XSA-59.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Don Dugger <donald.d.dugger@intel.com>
    Acked-by: Tim Deegan <tim@xen.org>
    Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
    master commit: d6cb14b34ffc2a830022d059f1aa22bf19dcf55f
    master date: 2014-04-25 12:12:38 +0200

commit a1f07c1e8fb1e5876a2bc079259ce67e3293fb72
Author: Jan Beulich <jbeulich@suse.com>
Date:   Mon May 12 17:21:37 2014 +0200

    VT-d: suppress UR signaling for server chipsets
    
    Unsupported Requests can be signaled for malformed writes to the MSI
    address region, e.g. due to buggy or malicious DMA set up to that
    region. These should normally result in IOMMU faults, but don't on
    the server chipsets dealt with here.
    
    IDs 0xe00, 0xe01, and 0xe04 ... 0xe0b (Ivytown) aren't needed here -
    Intel confirmed the issue to be fixed in hardware there.
    
    This is CVE-2013-3495 / XSA-59.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Acked-by: Don Dugger <donald.d.dugger@intel.com>
    Acked-by: Tim Deegan <tim@xen.org>
    Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
    master commit: d061d200eb92bcb1d86f9b55c6de73e35ce63fdf
Comment 4 Yixun Lan gentoo-dev 2014-06-14 07:24:02 UTC
fixed as part of bug 512572
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-06-16 03:53:20 UTC
Setting  bug 512294 as Primary (blocker) not 512572 since that one is ARM only and does not need to be stabilized.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2015-04-05 03:52:38 UTC
Maintainer(s), Thank you for you for cleanup.

Added to an existing GLSA Request.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2015-04-11 20:37:15 UTC
This issue was resolved and addressed in
 GLSA 201504-04 at https://security.gentoo.org/glsa/201504-04
by GLSA coordinator Yury German (BlueKnight).