Xen Security Advisory XSA-201 ARM guests may induce host asynchronous abort ISSUE DESCRIPTION ================= Depending on how the hardware and firmware have been integrated, guest-triggered asynchronous aborts (SError on ARMv8) may be received by the hypervisor. The current action is to crash the host. A guest might trigger an asynchronous abort when accessing memory mapped hardware in a non-conventional way. Even if device pass-through has not been configured, the hypervisor may give the guest access to memory mapped hardware in order to take advantage of hardware virtualization. IMPACT ====== A malicious guest may be able to crash the host. VULNERABLE SYSTEMS ================== All Xen versions which support ARM are potentially affected. Whether a particular ARM systems is affected depends on technical details of the hardware and/or firmware. x86 systems are not affected. MITIGATION ========== On systems where the guest kernel is controlled by the host rather than guest administrator, running only kernels which do not expose MMIO to userspace will prevent untrusted guest users from exploiting this issue. However untrusted guest administrators can still trigger it unless further steps are taken to prevent them from loading code into the kernel (e.g by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege. NOTE REGARDING LACK OF EMBARGO ============================== The issue was discussed publicly (and has been fixed already in KVM in public trees). CREDITS ======= This issue was discovered by ARM engineering personnel. RESOLUTION ========== Applying the appropriate set of attached patched resolves this issue. xsa201-[1234].patch Xen-unstable xsa201-[12].patch } xsa201-3-4.7.patch } Xen 4.7.x, Xen 4.6.x xsa201-4.patch }
Fixed ebuilds are now in Gentoo repository, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ac9b49f20aa4f7c140134b16808f6984cf7002c @ Maintainer(s): Thanks for the bump. Can we start stabilization of =app-emulation/xen-4.6.4-r2?
sure, here we go! let's also combile bug #600662 (XSA-199) together Arches, please test and mark stable: =app-emulation/xen-4.6.4-r2 Target keyword only: "amd64" =app-emulation/xen-tools-4.6.4-r3 Target keywords: "amd64 x86"
x86 stable
amd64 stable. Maintainer(s), please cleanup.
GLSA Vote: No
Added to existing GLSA.
This issue was resolved and addressed in GLSA 201612-56 at https://security.gentoo.org/glsa/201612-56 by GLSA coordinator Thomas Deutschmann (whissi).