|
Message-Id: <E1qQqc6-0003DF-Fl@xenbits.xenproject.org> Date: Tue, 01 Aug 2023 14:44:42 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security-team-members@....org> Subject: Xen Security Advisory 436 v1 (CVE-2023-34320) - arm: Guests can trigger a deadlock on Cortex-A77 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2023-34320 / XSA-436 arm: Guests can trigger a deadlock on Cortex-A77 ISSUE DESCRIPTION ================= Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. IMPACT ====== A (malicious) guest that doesn't include the workaround for erratum 1508412 could deadlock the core. This will ultimately result to a deadlock of the system. VULNERABLE SYSTEMS ================== Systems running all version of Xen are affected. This bug is specific to Arm Cortex-A77 cores r0p0 and r1p0. MITIGATION ========== There are no known mitigations. NOTE REGARDING LACK OF EMBARGO ============================== This issue has been publicly documented. RESOLUTION ========== To handle properly the erratum, it is necessary to have an updated firmware and that both the hypervisor and guest OSes have the workaround. This means it is not possible to security support Xen on the Cortex-A77, even on systems which have the workaround enabled. Applying the attached patches will document the situation and also add the workaround in Xen if someone wish to run on Cortex-A77 with only trusted guests. Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches. xsa436/xsa436.patch xen-unstable - Xen 4.17.x xsa436/xsa436-4.16.patch Xen 4.16.x xsa436/xsa436-4.15.patch Xen 4.15.x $ sha256sum xsa436* xsa436*/* 64d34753cdbbcfec2c80db2daad98529bf900935419d0214057e962098b38160 xsa436.meta cc0f1303d4ad4c4750bd555622b87a9721e0253759b07915e6ba5216c24e8f8d xsa436/xsa436.patch 97d1bd7716637efce1fa5d7f608d7f26b2b396fa20b966c8c0cd22ef61dc07d4 xsa436/xsa436-4.15.patch e1264a44df39d56a2c6246d8f9f511d0371a5f416c364ef766ea5a59e7b46f92 xsa436/xsa436-4.16.patch $ -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmTJGVoMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZIpMIAJJ/58V/2+aEQfc0Fd+UDegr+69PsgRVRKofbX5o M8r0hCLoowsEvI8vxloaOCTtgEwzFq2zCYsUED1nn0iLk0MqK6t9njkuVD3cmuqt WaVXiW7uJU8ph2pwscv2tVPBBYblT7+Y3fuHsbXEjEW40yQkStkD5NMgwH5Z0bhq 61zCZm+/xK66VBKnrWFdlTaueOLT11/lGPskISquWrYjz7Vr873k89fXdGURn6+9 N7gdl3eIDqkpGTXvUPFdPwwE+z1ESxGig24RYNQmt3UpLbIQO2wGp0HXbsJ8e1cj r4KNhSFm/h6tsjOYxm5Jmi4an4gAOlVxCSNds2/+oZQVHpQ= =GNOw -----END PGP SIGNATURE----- Download attachment "xsa436.meta" of type "application/octet-stream" (1098 bytes) Download attachment "xsa436/xsa436.patch" of type "application/octet-stream" (10609 bytes) Download attachment "xsa436/xsa436-4.15.patch" of type "application/octet-stream" (10522 bytes) Download attachment "xsa436/xsa436-4.16.patch" of type "application/octet-stream" (10520 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.