Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 12 Feb 2015 17:41:27 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 117 (CVE-2015-0268) - arm: vgic-v2:
 GICD_SGIR is not properly emulated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-0268 / XSA-117
                              version 2

           arm: vgic-v2: GICD_SGIR is not properly emulated

UPDATES IN VERSION 2
====================

CVE assigned.

Mention CVE and XSA numbers in patch commit message.

Public release.

ISSUE DESCRIPTION
=================

When decoding a guest write to a specific register in the virtual
interrupt controller Xen would treat an invalid value as a critical
error and crash the host.

IMPACT
======

By writing an invalid value to the GICD.SGIR register a guest can
crash the host, resulting in a Denial of Service attack.

VULNERABLE SYSTEMS
==================

Xen 4.5 and later systems running on ARM hardware with version 2 of
the generic interrupt controller are vulnerable.

Systems running on ARM hardware with version 3 of the generic
interrupt controller are not vulnerable.

x86 systems are not affected.

MITIGATION
==========

None.

CREDITS
=======

This issue was discovered by Julien Grall.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa117.patch        Xen 4.5.x, xen-unstable

$ sha256sum xsa117*.patch
5d7c1ec3bd604ed49999a56fefeebda1206f424b1b48c0e44899f13bc1e55cd0  xsa117.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJU3OW0AAoJEIP+FMlX6CvZePcH/06WboLULU7JEfvzFqpnxpQV
XmNXCuvjcOt4d/w77a78kq8Bw8RUiDHR3f6qb+sJeNsJ1V55o0/KGgydEu+DqoF7
3bftmPDvuBcqoF3+7KupjRp0sBU+11Q/Jtb+P/0ZtVReFKGxmpg8kBura56rL3wf
iL1kMA4V0Kd4abmXXr6yUJMQuI19OZSQ43Zo7F9kOomyc7lcKB6vhnMtCiXw1F9Y
zfnyP1V1s5h77juSe01pQhEqjDlKv/NNkfJav6s7eVYVbJAwFgUP2vOZ14t2dR+o
5M8PPwF6EFBm421Z1D67caBh1ovGzeywZcrCl8nxuex+dqwomLymIMaL0P/fY6g=
=edQs
-----END PGP SIGNATURE-----

Download attachment "xsa117.patch" of type "application/octet-stream" (1378 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.