|
Message-Id: <E1gK6Hg-0002Qd-P3@xenbits.xenproject.org> Date: Tue, 06 Nov 2018 18:41:04 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security-team-members@....org> Subject: Xen Security Advisory 282 v1 - guest use of HLE constructs may lock up host -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-282 guest use of HLE constructs may lock up host ISSUE DESCRIPTION ================= Various Intel CPU models have an erratum listed under the title "Processor May Hang When Executing Code In an HLE Transaction". It describes a potential hang when using instructions with the XACQUIRE prefix on the host physical memory range covering the first 4 MiB starting at the 1GiB boundary. IMPACT ====== A malicious or buggy guest may cause a CPU to hang, resulting in a DoS (Denial of Service) affecting the entire host. VULNERABLE SYSTEMS ================== All Xen versions are affected. Only Intel based x86 systems are affected. Please refer to Intel documentation as to which specific CPU models are affected. AMD x86 systems as well as Arm ones are not affected. MITIGATION ========== There is no known mitigation. A BIOS update may be available for some systems, working around the issue at the firmware level. RESOLUTION ========== Applying the appropriate pair of attached patches works around this issue for the CPU models known to be affected at the time of writing. xsa282-?.patch xen-unstable xsa282-4.11-1.patch + xsa282-2.patch Xen 4.11.x, Xen 4.10.x xsa282-4.9-1.patch + xsa282-2.patch Xen 4.9.x xsa282-4.9-1.patch + xsa282-4.8-2.patch Xen 4.8.x, Xen 4.7.x $ sha256sum xsa282* 6ef64ca920a58ed9185e81fad3dfa9ca5f6316f1e72ddd4f411f3e79eaf79903 xsa282.meta ad7093e00b3d6650530c95427ef0e68880883f0cec7229b5f41c9e2dc497ffd5 xsa282-1.patch 7ce7fa105026b189500a31bd3978ec0c6fd9d7c95f688463c25ecce76366be35 xsa282-2.patch fbff734d678700864563f8214361f391c0cbda9b67ed7256535ed3db388c8feb xsa282-4.8-2.patch df833cbe9b8798104a65d44b737c46f97399b86b0ffd03c99fda4c8ecf5a353c xsa282-4.9-1.patch 68eab296a7124662cbe3c6df8835aff9b4a26160fdbe970e206a7a6ef8d27ec7 xsa282-4.11-1.patch $ NOTE REGARDING LACK OF EMBARGO ============================== The issue has been documented publicly in Specification Updates for at least some of the affected processors for quite some time. -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlvh3+0MHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ48QIALQ1hLMewraf+URzsd36EUJNPP+1C8Dg35PavdJ1 mrqBljy/bIYCiLvLm1RwinUPL5vrvkB97/6AjmnpZM83AA3/PLTbh3tpP8fiLUcF YL7wJogvjv51Q3N8mYHjxGGl5YYVdrgxwxbQIuzRnw2gi/ikd0oAoNce/QIF6iFz P2I8VjKuQZ6qEzdKXTTiPNQQzL+OfVGQ+RcsthQieWce53p+n1pI1QqbPOwdYtca /cOhP+vGRzh+4QP50JuN5ikdC/C9KpyjEo5mZVlrZQYPIqzI+vomueCJLPGN3cSY LBcJc/lT/w/LRgygpbUB/OO8RwK5XB9T4Jm/ssXGpCOTs3Y= =Ipfd -----END PGP SIGNATURE----- Download attachment "xsa282.meta" of type "application/octet-stream" (1794 bytes) Download attachment "xsa282-1.patch" of type "application/octet-stream" (5054 bytes) Download attachment "xsa282-2.patch" of type "application/octet-stream" (1592 bytes) Download attachment "xsa282-4.8-2.patch" of type "application/octet-stream" (1613 bytes) Download attachment "xsa282-4.9-1.patch" of type "application/octet-stream" (2730 bytes) Download attachment "xsa282-4.11-1.patch" of type "application/octet-stream" (5050 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.