Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 508510 (CVE-2014-2986) - <app-emulation/xen-{4.2.4-r2,4.3.2-r2,4.4.0-r2}: ARM hypervisor crash on guest interrupt controller access (XSA-94) (CVE-2014-2986)
Summary: <app-emulation/xen-{4.2.4-r2,4.3.2-r2,4.4.0-r2}: ARM hypervisor crash on gues...
Status: RESOLVED FIXED
Alias: CVE-2014-2986
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-23 14:06 UTC by Agostino Sarubbo
Modified: 2014-05-28 00:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-04-23 14:06:33 UTC
From ${URL} :

                    Xen Security Advisory XSA-94

      ARM hypervisor crash on guest interrupt controller access

ISSUE DESCRIPTION
=================

When handling a guest access to the virtual GIC distributor (interrupt
controller) Xen could dereference a pointer before checking it for
validity leading to a hypervisor crash and host Denial of Service.

IMPACT
======

A buggy or malicious guest can crash the host.

VULNERABLE SYSTEMS
==================

Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward.

x86 systems are not vulnerable.

MITIGATION
==========

None.

NOTE REGARDING LACK OF EMBARGO
==============================

This bug was publicly reported on xen-devel, before it was appreciated
that there was a security problem.

CREDITS
=======

The initial bug was discovered by Thomas Leonard and the security
aspect was diagnosed by Julien Grall.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa94.patch        xen-unstable, Xen 4.4.x



@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 19:25:15 UTC
CVE-2014-2986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2986):
  The vgic_distr_mmio_write function in the virtual guest interrupt controller
  (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM
  system, allows local guest users to cause a denial of service (NULL pointer
  dereference and host crash) via unspecified vectors.
Comment 2 Yixun Lan gentoo-dev 2014-05-10 00:07:16 UTC
bug fixed in versions, and only ARCH=arm affected, (see comments in bug 509054 for more details)
xen-4.4.0-r2 xen-4.3.2-r2 xen-4.2.4-r2
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-05-27 23:46:56 UTC
Arches and Mainter(s), Thank you for your work.

Added to an existing GLSA request.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-05-27 23:53:41 UTC
Sorry my mistake.

No GLSA needed as there are no stable versions - arm only, no stable versions.