655544 – (CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, XSA-258, XSA-259, XSA-261, XSA-262) <app-emulation/xen-4.10.1: multiple vulnerabilities (XSA-{258,259,261,262})

Bug 655544 (CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, XSA-258, XSA-259, XSA-261, XSA-262) - <app-emulation/xen-4.10.1: multiple vulnerabilities (XSA-{258,259,261,262})

Summary: <app-emulation/xen-4.10.1: multiple vulnerabilities (XSA-{258,259,261,262})

Status:	RESOLVED FIXED

Alias:	CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, XSA-258, XSA-259, XSA-261, XSA-262

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa+ cve]
Keywords:

Depends on:	XSA-268, XSA-269, XSA-272, XSA-273
Blocks:
	Show dependency tree

Reported:	2018-05-12 00:18 UTC by tonemgub
Modified:	2018-10-30 21:06 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/9217
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tonemgub 2018-05-12 00:18:22 UTC

CVE-2018-10471
http://openwall.com/lists/oss-security/2018/04/30/2 
A malicious or buggy guest may cause a hypervisor crash, resulting in
a Denial of Service (DoS) affecting the entire host.

CVE-2018-10472
http://openwall.com/lists/oss-security/2018/04/30/1 
An attacker supplying a crafted CDROM image can read any file (or
device node) on the dom0 filesystem with the permissions of the qemu
devicemodel process. (The virtual CDROM device is read-only, so
no data can be written.)


CVE-2018-10981
http://openwall.com/lists/oss-security/2018/05/11/1 
A malicious unprivileged device model can cause a Denial of Service
(DoS) affecting the entire host. Specifically, it may prevent use of a
physical CPU for an indeterminate period of time.


* CVE-2018-10982 *
http://openwall.com/lists/oss-security/2018/05/11/2
A malicious or buggy HVM guest may cause a hypervisor crash, resulting
in a Denial of Service (DoS) affecting the entire host.
- Privilege escalation, or information leaks, cannot be excluded.

Xen has provided patches for each.

Reproducible: Always

Comment 1 D'juan McDonald (domhnall) 2018-06-21 21:43:49 UTC

See also: Bug 655188 

https://xenbits.xen.org/xsa/advisory-262.html Addresses CVE-2018-10981

https://xenbits.xen.org/xsa/advisory-261.html Addresses CVE-2018-10982

Comment 2 Larry the Git Cow gentoo-dev

2018-07-17 11:07:21 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ec669947a76c8f65210a5e57cb1b66eaae18987

commit 2ec669947a76c8f65210a5e57cb1b66eaae18987
Author:     Tomas Mozes <hydrapolic@gmail.com>
AuthorDate: 2018-07-13 16:51:07 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-07-17 11:06:56 +0000

    app-emulation/xen: bump to 4.10.1
    
    Bug: https://bugs.gentoo.org/655544
    Bug: https://bugs.gentoo.org/655188
    Package-Manager: Portage-2.3.42, Repoman-2.3.9

 app-emulation/xen/Manifest          |   2 +
 app-emulation/xen/xen-4.10.1.ebuild | 172 ++++++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2018-09-10 09:53:53 UTC

Added to an existing GLSA.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2018-10-30 21:06:35 UTC

This issue was resolved and addressed in
 GLSA 201810-06 at https://security.gentoo.org/glsa/201810-06
by GLSA coordinator Thomas Deutschmann (whissi).