Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 508424 (CVE-2014-2915) - app-emulation/xen-{4.2.4-r2,4.3.2-r2,4.4.0-r2}: Hardware features unintentionally exposed to guests on ARM (XSA-93) (CVE-2014-2915)
Summary: app-emulation/xen-{4.2.4-r2,4.3.2-r2,4.4.0-r2}: Hardware features unintention...
Status: RESOLVED FIXED
Alias: CVE-2014-2915
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-22 15:44 UTC by Agostino Sarubbo
Modified: 2014-05-28 00:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-04-22 15:44:35 UTC 
From ${URL} :

                    Xen Security Advisory XSA-93

      Hardware features unintentionally exposed to guests on ARM

ISSUE DESCRIPTION
=================

When running on an ARM platform Xen was not correctly configuring the
hardware virtualisation platform and therefore did not prevent guests
from accessing various hardware features including cache control,
coprocessors, debug registers and various processor specific
registers.

IMPACT
======

By accessing these hardware facilities a malicious or buggy guest may
be able to cause various issues, including crashing the host, crashing
other guests (including control domains) and data corruption.

Privilege escalation is not thought to be possible but has not been
ruled out.

VULNERABLE SYSTEMS
==================

Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onwards.

x86 systems are not vulnerable.

MITIGATION
==========

None.

NOTE REGARDING LACK OF EMBARGO
==============================

This bug was publicly reported on xen-devel, before it was appreciated
that there was a security problem.  The public mailing list thread
contains information strongly suggestive of a security bug and
included example code which can crash the host.

CREDITS
=======

The initial bug was discovered by Thomas Leonard and further followup
issues were discovered by Julien Grall.

RESOLUTION
==========

Applying the attached patches resolves this issue.

xsa93-unstable-{01..06}.patch        xen-unstable
xsa93-4.4-{01..06}.patch             Xen 4.4.x



@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 19:25:28 UTC 
CVE-2014-2915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2915):
  Xen 4.4.x, when running on ARM systems, does not properly restrict access to
  hardware features, which allows local guest users to cause a denial of
  service (host or guest crash) via unspecified vectors, related to (1) cache
  control, (2) coprocessors, (3) debug registers, and (4) other unspecified
  registers.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 19:25:29 UTC 
CVE-2014-2915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2915):
  Xen 4.4.x, when running on ARM systems, does not properly restrict access to
  hardware features, which allows local guest users to cause a denial of
  service (host or guest crash) via unspecified vectors, related to (1) cache
  control, (2) coprocessors, (3) debug registers, and (4) other unspecified
  registers.
Comment 3 Yixun Lan archtester gentoo-dev 2014-05-10 00:07:11 UTC 
bug fixed in versions, and only ARCH=arm affected, (see comments in bug 509054 for more details)
xen-4.4.0-r2 xen-4.3.2-r2 xen-4.2.4-r2
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-05-27 23:51:16 UTC 
Maintainer(s), Thank you for cleanup!

No GLSA needed as there are no stable versions for ARM.