From ${URL} : Xen Security Advisory XSA-93 Hardware features unintentionally exposed to guests on ARM ISSUE DESCRIPTION ================= When running on an ARM platform Xen was not correctly configuring the hardware virtualisation platform and therefore did not prevent guests from accessing various hardware features including cache control, coprocessors, debug registers and various processor specific registers. IMPACT ====== By accessing these hardware facilities a malicious or buggy guest may be able to cause various issues, including crashing the host, crashing other guests (including control domains) and data corruption. Privilege escalation is not thought to be possible but has not been ruled out. VULNERABLE SYSTEMS ================== Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onwards. x86 systems are not vulnerable. MITIGATION ========== None. NOTE REGARDING LACK OF EMBARGO ============================== This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. The public mailing list thread contains information strongly suggestive of a security bug and included example code which can crash the host. CREDITS ======= The initial bug was discovered by Thomas Leonard and further followup issues were discovered by Julien Grall. RESOLUTION ========== Applying the attached patches resolves this issue. xsa93-unstable-{01..06}.patch xen-unstable xsa93-4.4-{01..06}.patch Xen 4.4.x @maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
CVE-2014-2915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2915): Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.
bug fixed in versions, and only ARCH=arm affected, (see comments in bug 509054 for more details) xen-4.4.0-r2 xen-4.3.2-r2 xen-4.2.4-r2
Maintainer(s), Thank you for cleanup! No GLSA needed as there are no stable versions for ARM.