
Re: [Xen-devel] [oss-security] Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code



On 11/20/2013 10:08 AM, Xen.org security team wrote:
> Xen Security Advisory XSA-78
> 
> Insufficient TLB flushing in VT-d (iommu) code
> 
> ISSUE DESCRIPTION
> =================
> 
> An inverted boolean parameter resulted in TLB flushes not
> happening upon clearing of a present translation table entry.
> Retaining stale TLB entries could allow guests access to memory
> that ought to have been revoked, or grant greater access than
> intended.
> 
> IMPACT
> ======
> 
> Malicious guest administrators might be able to cause host-wide
> denial of service, or escalate their privilege to that of the
> host.
> 
> VULNERABLE SYSTEMS
> ==================
> 
> Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not
> vulnerable.
> 
> Only systems using Intel VT-d for PCI passthrough are vulnerable.
> 
> MITIGATION
> ==========
> 
> This issue can be avoided by not assigning PCI devices to untrusted
> guests on systems supporting Intel VT-d.
> 
> NOTE REGARDING LACK OF EMBARGO
> ==============================
> 
> This issue was disclosed publicly on the xen-devel mailing list.
> 
> RESOLUTION
> ==========
> 
> Applying the attached patch resolves this issue.
> 
> xsa78.patch        Xen 4.2.x, Xen 4.3.x, xen-unstable
> 
> $ sha256sum xsa78*.patch
> 2b858188495542b393532dfeb108ae95cbb507a008b5ebf430b96c95272f9e0e  xsa78.patch
> $

Please use CVE-2013-6375 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
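
The bug class described in the quoted advisory, as an added toy model in C. It is not part of the original message and is not Xen's code: every name (`toy_iommu`, `toy_flush`, `toy_unmap`, `toy_after_revoke`) and the page numbers are constructed for illustration. It assumes a flush helper that skips the flush when told the old entry was not present, and shows how inverting that flag leaves a revoked translation cached.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NPAGES 8
#define NOT_MAPPED UINT64_MAX

/* table[] is the authoritative translation table; iotlb[] caches lookups. */
struct toy_iommu { uint64_t table[NPAGES], iotlb[NPAGES]; };

/* Device access: use the cached translation, else walk the table and cache it. */
static uint64_t toy_dma_translate(struct toy_iommu *m, unsigned gfn)
{
    if (m->iotlb[gfn] == NOT_MAPPED)
        m->iotlb[gfn] = m->table[gfn];
    return m->iotlb[gfn];
}

/* Flush helper: skips the flush if the old entry was not present,
 * on the reasoning that nothing can be cached for it. */
static void toy_flush(struct toy_iommu *m, unsigned gfn, bool old_present)
{
    if (old_present)
        m->iotlb[gfn] = NOT_MAPPED;
}

/* Clear one entry. With inverted=true the caller passes the wrong polarity,
 * so clearing a present entry is treated as "nothing to flush". */
static void toy_unmap(struct toy_iommu *m, unsigned gfn, bool inverted)
{
    bool old_present = (m->table[gfn] != NOT_MAPPED);
    m->table[gfn] = NOT_MAPPED;
    toy_flush(m, gfn, inverted ? !old_present : old_present);
}

/* Map page 3, let the device touch it, revoke it, then translate again. */
static uint64_t toy_after_revoke(bool inverted)
{
    struct toy_iommu m;
    for (int i = 0; i < NPAGES; i++)
        m.table[i] = m.iotlb[i] = NOT_MAPPED;
    m.table[3] = 0x1234;               /* constructed frame number */
    (void)toy_dma_translate(&m, 3);    /* translation is now cached */
    toy_unmap(&m, 3, inverted);
    return toy_dma_translate(&m, 3);
}

int main(void)
{
    printf("inverted flag: stale hit = %d\n", toy_after_revoke(true) == 0x1234);
    printf("correct flag:  revoked   = %d\n", toy_after_revoke(false) == NOT_MAPPED);
    return 0;
}
```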
