Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <E1Wcws9-0005ae-0x@xenbits.xen.org>
Date: Wed, 23 Apr 2014 13:05:57 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 94 - ARM hypervisor crash on guest
 interrupt controller access

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    Xen Security Advisory XSA-94

      ARM hypervisor crash on guest interrupt controller access

ISSUE DESCRIPTION
=================

When handling a guest access to the virtual GIC distributor (interrupt
controller) Xen could dereference a pointer before checking it for
validity leading to a hypervisor crash and host Denial of Service.

IMPACT
======

A buggy or malicious guest can crash the host.

VULNERABLE SYSTEMS
==================

Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward.

x86 systems are not vulnerable.

MITIGATION
==========

None.

NOTE REGARDING LACK OF EMBARGO
==============================

This bug was publicly reported on xen-devel, before it was appreciated
that there was a security problem.

CREDITS
=======

The initial bug was discovered by Thomas Leonard and the security
aspect was diagnosed by Julien Grall.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa94.patch        xen-unstable, Xen 4.4.x

$ sha256sum xsa94*.patch
ad0f20577400756a1786daeafef86fa870727ec35b48f71f565e4a30dcbda58d  xsa94.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJTV7qTAAoJEIP+FMlX6CvZ08EH/3pIhD1lCXex3pbvo0BFIc2y
+XqJmLQ8QVeuk1Q9etEVbJxC8YvbmunefyCyfXIYQpL5jWqJdOAGzSktLOuaGrrM
ENG6kFyiC6pxLouJb+BAm3qOfe3vVCdkWh9ouWQGC/3FqbSM+2QGI0vUyxtfmmga
IDeQ+CjyWVVhmR7Tb76Gc/pMLnrfD1HTZSgTe8NacqbnZuXzPMrxkKw8BleK/boH
L5r/0Y/GqqOe5LRqCOZt8U7jlcfwAs+rqUI0UDz70YvokcBH7RwaRiolZxicLdjP
4lFJH8q9d45EA9JI+Xifv2QZ9tJMRNhRtTQpqIS8swAROOM/SblpPUPlOiPvyaE=
=RGUg
-----END PGP SIGNATURE-----

Download attachment "xsa94.patch" of type "application/octet-stream" (1164 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.