Bug 519802 (CVE-2014-5148) - <app-emulation/xen-4.4.0-r6: Flaw in handling unknown system register access from 64-bit userspace on ARM (XSA-103) (CVE-2014-5148)
Status: RESOLVED FIXED
Alias: CVE-2014-5148
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~1 [noglsa]
Reported: 2014-08-13 09:09 UTC by Agostino Sarubbo
Modified: 2014-11-03 15:33 UTC

Description Agostino Sarubbo gentoo-dev 2014-08-13 09:09:56 UTC
From ${URL} :

              Xen Security Advisory CVE-2014-5148 / XSA-103
                                version 3

 Flaw in handling unknown system register access from 64-bit userspace on ARM

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

When handling an unknown system register access from 64-bit userspace
Xen would incorrectly return to the second instruction of the trap
handler for faults in kernel space rather than the first instruction
of the trap handler for faults in 64-bit userspace.

Any user in a guest which is running a 64-bit kernel who is able to
spawn a 64-bit process can cause a trap to the kernel to be taken at
an unexpected (but not user controlled) exception address.

Known versions of Linux in the default configuration will Oops and kill the
offending process, and therefore avoid this vulnerability. However local
configuration may turn such an Oops into a kernel panic, and therefore a
guest denial of service.

IMPACT
======

Depending on the guest kernel implementation, kernel crash (guest DoS)
or privilege elevation to that of the guest kernel cannot be ruled
out.

This issue does not enable an attack on the host.

VULNERABLE SYSTEMS
==================

64-bit ARM systems may be vulnerable, depending on the guest kernel.

All versions of Linux released by Linux upstream to date avoid this
vulnerability.  Systems based on modified versions of Linux may be
vulnerable.

32-bit ARM systems, and X86 systems, are not vulnerable.

MITIGATION
==========

There is no known mitigation for this issue.

CREDITS
=======

This issue was reported as a bug by Riku Voipio, discovered via
Linaro's LAVA testing and was diagnosed as a security issue by Ian
Campbell.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

The patch for XSA-103 (specifically, xsa102-*-02.patch) must be
applied first.

xsa103-unstable.patch        xen-unstable
xsa103-4.4.patch             Xen 4.4.x



@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Comment 1 Yixun Lan gentoo-dev 2014-08-19 14:18:56 UTC
Fixed in app-emulation/xen-4.4.0-r6; the vulnerable version has been cleaned, and I'm closing this bug. Thanks.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-11-03 15:33:09 UTC
CVE-2014-5148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5148):
  Xen 4.4.x, when running on an ARM system and "handling an unknown system
  register access from 64-bit userspace," returns to an instruction of the
  trap handler for kernel space faults instead of an instruction that is
  associated with faults in 64-bit userspace, which allows local guest users
  to cause a denial of service (crash) and possibly gain privileges via a
  crafted process.
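
The entry-point mix-up described in the advisory above, modelled as an added example (not Xen's code and not part of the bug thread). The vector offsets and SPSR mode encodings are the architectural AArch64 ones; the function names and the sample VBAR_EL1 value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* AArch64 synchronous-exception vector offsets, relative to VBAR_EL1 */
#define VEC_CUR_SP0_SYNC 0x000u /* from EL1 using SP_EL0 */
#define VEC_CUR_SPX_SYNC 0x200u /* from EL1 using SP_EL1: kernel-space fault */
#define VEC_LOWER64_SYNC 0x400u /* from 64-bit EL0: userspace fault */
#define VEC_LOWER32_SYNC 0x600u /* from 32-bit EL0 */

/* SPSR mode field encodings */
#define PSR_MODE32_BIT 0x10u
#define PSR_MODE_MASK  0x0fu
#define PSR_MODE_EL0t  0x00u
#define PSR_MODE_EL1t  0x04u
#define PSR_MODE_EL1h  0x05u

/* Vector offset a 64-bit guest kernel expects for the faulting mode, -1 if unknown. */
static int64_t sync_vector_offset(uint32_t spsr)
{
    if (spsr & PSR_MODE32_BIT)
        return VEC_LOWER32_SYNC; /* with a 64-bit kernel only EL0 can be 32-bit */
    switch (spsr & PSR_MODE_MASK) {
    case PSR_MODE_EL0t: return VEC_LOWER64_SYNC;
    case PSR_MODE_EL1t: return VEC_CUR_SP0_SYNC;
    case PSR_MODE_EL1h: return VEC_CUR_SPX_SYNC;
    default:            return -1;
    }
}

/* Hypothetical regression check: does an injected PC match the trap origin? */
static int entry_matches_origin(uint64_t vbar, uint32_t spsr, uint64_t injected_pc)
{
    int64_t off = sync_vector_offset(spsr);
    return off >= 0 && injected_pc == vbar + (uint64_t)off;
}

/* Address the advisory describes: 2nd instruction of the kernel-fault handler. */
static uint64_t flawed_entry_from_el0_64(uint64_t vbar)
{
    return vbar + VEC_CUR_SPX_SYNC + 4; /* A64 instructions are 4 bytes */
}

int main(void)
{
    uint64_t vbar = 0xffffffc000084000ull; /* constructed sample VBAR_EL1 */
    printf("flawed entry ok: %d, expected entry ok: %d\n",
           entry_matches_origin(vbar, PSR_MODE_EL0t, flawed_entry_from_el0_64(vbar)),
           entry_matches_origin(vbar, PSR_MODE_EL0t, vbar + VEC_LOWER64_SYNC));
    return 0;
}
```

A check of this shape belongs in a hypervisor regression test: for each trap origin, the injected PC has to equal the vector base plus the offset for that origin, with no instruction-length adjustment applied.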