Message-Id: <E1gxEqa-0004hp-RY@xenbits.xenproject.org>
Date: Fri, 22 Feb 2019 17:42:52 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security-team-members@....org>
Subject: Xen Security Advisory 283 v2 - Withdrawn Xen Security Advisory number
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Xen Security Advisory XSA-283
version 2
Withdrawn Xen Security Advisory number
SUMMARY
=======
The advisory XSA-283 has been withdrawn.
This is because, on further analysis, we have determined that the
advisory was issued in error: there is no security issue.
UPDATES IN VERSION 2
====================
Advisory withdrawn.
DESCRIPTION
===========
XSA-283 stated:
VT-d: Incorrect accesses into the Interrupt Remapping table
A VT-d IOMMU has several tables in main RAM, which are configured by the
driver when it starts. The tables are required to be aligned on a 4k
boundary, and the control registers in the IOMMU which point to them use
the bottom 12 bits for additional metadata.
Unfortunately, Xen's VT-d driver includes this metadata in its base
pointer to the table, resulting in incorrect calculations when indexing
into the table.
Upon closer inspection, due to the particular way the calculations are
implemented, the "metadata" components end up being eliminated without
affecting the final result.
IMPLICATIONS
============
XSA-283 does not describe any security or functional issue.
The previously declared embargo for XSA-283 is vacated.
Anyone who has information relating to XSA-283 may publish it.
NB: there are other advisories with the same embargo date.
Those advisories stand, and their embargoes REMAIN IN FORCE.
STATUS OF THE PATCHES
=====================
The patch previously published under embargo in XSA-283 is not
necessary. However, it is harmless; indeed it improves code clarity
and is likely to be included in future Xen releases in some form.
In the interests of transparency, the patch is attached:
$ sha256sum xsa283*
97069456b91064450b6da1e9834f0ab91270f3b93962ca66f2eb9315cf133055 xsa283.patch-withdrawn
$
There is no need to apply this patch.
If you have already applied it, there is no need to revert it.
CREDITS
=======
Thanks to Pawel Wieczorkiewicz and Uwe Dannowski, both of Amazon, for
pointing out that there was no actual security issue.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Download attachment "xsa283.patch-withdrawn" of type "application/octet-stream" (4752 bytes)
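Added example, not part of the advisory and not Xen's code: a sketch of how metadata left in the low 12 bits of a table pointer can drop out of an index calculation. It assumes the entry is reached by stepping in whole pages, reducing to a page frame number, and indexing within that page; the advisory does not give the driver's actual calculation. The 16-byte entry size, the register value and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12
#define PAGE_SIZE   (1ULL << PAGE_SHIFT)
#define ENTRY_SIZE  16ULL                      /* assumed: 128-bit table entry */
#define PER_PAGE    (PAGE_SIZE / ENTRY_SIZE)   /* 256 entries per 4k page */

/* Constructed register value: a made-up 4k-aligned base with metadata
 * bits set somewhere in bits 11:0. */
#define SAMPLE_REG  (0x12345000ULL | (1ULL << 11) | 0xFULL)

/* Reference: strip the metadata first, then index. */
uint64_t entry_addr_masked(uint64_t reg, uint32_t idx)
{
    return (reg & ~(PAGE_SIZE - 1)) + idx * ENTRY_SIZE;
}

/* Metadata left in the pointer and used byte-wise: the result is skewed. */
uint64_t entry_addr_naive(uint64_t reg, uint32_t idx)
{
    return reg + idx * ENTRY_SIZE;
}

/* Assumed calculation: advance in whole pages (bits 11:0 are untouched),
 * take the frame number (the shift discards bits 11:0), then index
 * inside that page. */
uint64_t entry_addr_via_frame(uint64_t reg, uint32_t idx)
{
    uint64_t frame = (reg + (idx / PER_PAGE) * PAGE_SIZE) >> PAGE_SHIFT;
    return (frame << PAGE_SHIFT) + (idx % PER_PAGE) * ENTRY_SIZE;
}

/* Returns 1 if the frame-based form matches the reference for every index. */
int all_indices_agree(uint64_t reg, uint32_t nr_entries)
{
    for (uint32_t i = 0; i < nr_entries; i++)
        if (entry_addr_via_frame(reg, i) != entry_addr_masked(reg, i))
            return 0;
    return 1;
}

int main(void)
{
    printf("masked    %#llx\n", (unsigned long long)entry_addr_masked(SAMPLE_REG, 300));
    printf("via frame %#llx\n", (unsigned long long)entry_addr_via_frame(SAMPLE_REG, 300));
    printf("naive     %#llx\n", (unsigned long long)entry_addr_naive(SAMPLE_REG, 300));
    printf("agree     %d\n", all_indices_agree(SAMPLE_REG, 65536));
    return 0;
}
```

Masking the pointer once where the register is read yields the same addresses without relying on the shape of the later arithmetic.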