Re: [Xen-devel] [oss-security] Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code
On 11/20/2013 10:08 AM, Xen.org security team wrote:
> Xen Security Advisory XSA-78
>
> Insufficient TLB flushing in VT-d (iommu) code
>
> ISSUE DESCRIPTION
> =================
>
> An inverted boolean parameter resulted in TLB flushes not
> happening upon clearing of a present translation table entry.
> Retaining stale TLB entries could allow guests access to memory
> that ought to have been revoked, or grant greater access than
> intended.
>
> IMPACT
> ======
>
> Malicious guest administrators might be able to cause host-wide
> denial of service, or escalate their privilege to that of the
> host.
>
> VULNERABLE SYSTEMS
> ==================
>
> Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not
> vulnerable.
>
> Only systems using Intel VT-d for PCI passthrough are vulnerable.
>
> MITIGATION
> ==========
>
> This issue can be avoided by not assigning PCI devices to untrusted
> guests on systems supporting Intel VT-d.
>
> NOTE REGARDING LACK OF EMBARGO
> ==============================
>
> This issue was disclosed publicly on the xen-devel mailing list.
>
> RESOLUTION
> ==========
>
> Applying the attached patch resolves this issue.
>
> xsa78.patch        Xen 4.2.x, Xen 4.3.x, xen-unstable
>
> $ sha256sum xsa78*.patch
> 2b858188495542b393532dfeb108ae95cbb507a008b5ebf430b96c95272f9e0e  xsa78.patch
> $

Please use CVE-2013-6375 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
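The bug class described in the quoted advisory, as a toy C model added here (not code from Xen or from xsa78.patch): an unmap path that passes the wrong boolean to its flush helper leaves the revoked translation usable, while the corrected call removes it. The structure, all function names and the sample frame value are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES 8
#define NO_FRAME UINT32_MAX   /* means "not present" / "not cached" */

/* Toy model (hypothetical names): I/O page table plus the IOTLB caching it. */
struct iommu { uint32_t pte[NPAGES]; uint32_t iotlb[NPAGES]; };

static void iommu_init(struct iommu *m) {
    memset(m, 0xff, sizeof *m);          /* every entry becomes NO_FRAME */
}

/* Device access: an IOTLB hit wins; a miss walks the table and caches it. */
static uint32_t dma_translate(struct iommu *m, unsigned pfn) {
    if (m->iotlb[pfn] == NO_FRAME) m->iotlb[pfn] = m->pte[pfn];
    return m->iotlb[pfn];
}

/* Flush helper: skips the invalidation when the old entry was not present. */
static void iotlb_flush(struct iommu *m, unsigned pfn, bool old_present) {
    if (old_present) m->iotlb[pfn] = NO_FRAME;
}

static void unmap_buggy(struct iommu *m, unsigned pfn) {
    m->pte[pfn] = NO_FRAME;
    iotlb_flush(m, pfn, false);          /* inverted: the entry WAS present */
}

static void unmap_fixed(struct iommu *m, unsigned pfn) {
    bool was_present = m->pte[pfn] != NO_FRAME;
    m->pte[pfn] = NO_FRAME;
    iotlb_flush(m, pfn, was_present);    /* present entry cleared: flush */
}

/* Map, let the device touch the page, revoke, then translate again. */
static uint32_t frame_after_revoke(void (*unmap)(struct iommu *, unsigned)) {
    struct iommu m;
    iommu_init(&m);
    m.pte[3] = 0x1234;                   /* constructed sample mapping */
    (void)dma_translate(&m, 3);          /* translation is now cached */
    unmap(&m, 3);
    return dma_translate(&m, 3);         /* what the device still reaches */
}

int main(void) {
    printf("buggy: %#x\n", (unsigned)frame_after_revoke(unmap_buggy));
    printf("fixed: %#x\n", (unsigned)frame_after_revoke(unmap_fixed));
    return 0;
}
```

In the buggy path the page table already says "not present", so inspecting the table alone would not reveal that the device can still reach the old frame.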