Bug 499124 (CVE-2014-1666) - <app-emulation/xen-{4.2.3-r1,4.3.1-r5}: Denial of Service via unsecured PHYSDEVOP_{prepare,release}_msix (XSA-87) (CVE-2014-1666)
Status: RESOLVED FIXED
Alias: CVE-2014-1666
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [glsa]
Reported: 2014-01-24 14:06 UTC by Chris Reffett (RETIRED)
Modified: 2014-07-16 16:46 UTC

Description Chris Reffett (RETIRED) gentoo-dev Security 2014-01-24 14:06:45 UTC
From ${URL}:

The PHYSDEVOP_{prepare,release}_msix operations are supposed to be available
to privileged guests (domain 0 in non-disaggregated setups) only, but the
necessary privilege check was missing.

IMPACT
======

Malicious or misbehaving unprivileged guests can cause the host or other
guests to malfunction. This can result in host-wide denial of service.
Privilege escalation, while seeming to be unlikely, cannot be excluded.

Patches available at http://xenbits.xen.org/xsa/advisory-87.html
Comment 1 Yixun Lan gentoo-dev 2014-01-24 15:45:07 UTC
Fixed; patch included in the following versions:

app-emulation/xen-4.2.2-r3
app-emulation/xen-4.3.1-r4
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-01-27 12:36:54 UTC
*** Bug 499428 has been marked as a duplicate of this bug. ***
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 18:27:49 UTC
CVE-2014-1666 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666):
  The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and
  4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix
  and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to
  cause a denial of service (host or guest malfunction) or possibly gain
  privileges via unspecified vectors.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-05-21 03:31:49 UTC
Fixed as part of Bug 500530.

Adding to existing GLSA.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-07-16 16:46:40 UTC
This issue was resolved and addressed in
 GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
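
An added example, not part of the bug report or of Gentoo's tooling: a small check that compares an installed `app-emulation/xen` version against the bounds in this bug's title. It assumes each bound applies only to its own major.minor branch and handles only plain `X.Y.Z[-rN]` version strings; the function names are hypothetical.

```python
import re

# Bounds taken from this bug's title:
#   <app-emulation/xen-{4.2.3-r1,4.3.1-r5}
# Assumption: each bound applies only to its own major.minor branch.
FIXED = {(4, 2): "4.2.3-r1", (4, 3): "4.3.1-r5"}

# Only plain "X.Y.Z[-rN]" is accepted; suffixes such as _rc or _p are
# rejected rather than guessed at.
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse(version):
    """Split 'X.Y.Z[-rN]' into ((X, Y, Z), N); a missing -rN means r0."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    return numbers, int(m.group(2) or 0)


def status(installed):
    """Return 'affected', 'fixed' or 'unknown' for an installed xen version."""
    numbers, rev = parse(installed)
    bound = FIXED.get(numbers[:2])
    if bound is None:
        return "unknown"  # branch is not named in the bug title
    # Tuples compare component by component, then by revision.
    return "affected" if (numbers, rev) < parse(bound) else "fixed"


if __name__ == "__main__":
    # Constructed sample versions, not output from a real system.
    for v in ("4.2.3", "4.2.3-r1", "4.3.0", "4.3.1-r5", "4.1.6.1"):
        print(f"app-emulation/xen-{v}: {status(v)}")
```

A result of `unknown` means the title gives no bound for that branch, not that the branch is safe.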