Xen project Mailing List

Re: [Xen-users] [oss-security] Xen Security Advisory 78 - Insufficient TLB flushing in VT-d (iommu) code

To: oss-security@xxxxxxxxxxxxxxxxxx, xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx

From: Kurt Seifried <kseifried@xxxxxxxxxx>

Date: Thu, 21 Nov 2013 00:55:13 -0700

Cc: "Xen.org security team" <security@xxxxxxx>

Delivery-date: Thu, 21 Nov 2013 12:20:47 +0000

List-id: Xen user discussion <xen-users.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/20/2013 10:08 AM, Xen.org security team wrote: > Xen Security Advisory XSA-78 > > Insufficient TLB flushing in VT-d (iommu) code > > ISSUE DESCRIPTION ================= > > An inverted boolean parameter resulted in TLB flushes not > happening upon clearing of a present translation table entry. > Retaining stale TLB entries could allow guests access to memory > that ought to have been revoked, or grant greater access than > intended. > > IMPACT ====== > > Malicious guest administrators might be able to cause host-wide > denial of service, or escalate their privilege to that of the > host. > > VULNERABLE SYSTEMS ================== > > Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not > vulnerable. > > Only systems using Intel VT-d for PCI passthrough are vulnerable. > > MITIGATION ========== > > This issue can be avoided by not assigning PCI devices to untrusted > guests on systems supporting Intel VT-d. > > NOTE REGARDING LACK OF EMBARGO ============================== > > This issue was disclosed publicly on the xen-devel mailing list. > > RESOLUTION ========== > > Applying the attached patch resolves this issue. > > xsa78.patch Xen 4.2.x, Xen 4.3.x, xen-unstable > > $ sha256sum xsa78*.patch > 2b858188495542b393532dfeb108ae95cbb507a008b5ebf430b96c95272f9e0e > xsa78.patch $ Please use CVE-2013-6375 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSjbxgAAoJEBYNRVNeJnmT+rsQANa8v60e5q9IlEAYEjqb/Tar NqozqDg0BY5ujLOapUY8ZKP7vFJqy17E3WlQCz0Hzucxozn6XwqBD2GZwyHVy9m/ yH7sqoTrlJfhl+sC2FAU9eR0y7U1+Z1yXSF4aXmXZgUfawa+36X8e+FYDzV30hqe zYf6CxhZoiZ6Ngb5rH+Rtup4pdH4nuSULrgv3gir1EBCIBv8ElMItslGCbbvwv5J AizlzJThJZmZN6DblJewzFaddmT5YMVDuzvRWGav0dBFkDHdlPqdNx5CSDF33I/h tPXYH8ecgP8IXpSMeW+YgRLnq5B4WTQiXoiJz8VqsvbwrmUEZz85IkVmpznnfBkf WqGrgUT0Y1S0w2N309xyz/VM+QIgTRjhUDlgyLunEQaIS183c9wuYMAEAEgLLj6D R1gul6PM5d6nsNSt2AvRAd01Fr3fmZorQXxjyhY/AP1YDTbDsshcjRirEXhowjUk WEcNmDEK1OyigilospoHLMBChYiY5SulMc/J1uMFsMHhY9kPa7321KNvM/9wMxyx 2tOZUN6J5r2tbDYtifOH9pyd38Ezi86HJUeniFWqn5sKMquWydKIczx6AbKrrmqW 5U7qGQS3PNj9w+AC+pUhn9T5x6LyPrsRK1qqfIHnKg/1uXMSJwfDKI1vHFfWBoZD qaBYD1JWmWc/va1D8mKB =Ra7v -----END PGP SIGNATURE----- _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.