Pkg xen devel - Apr 2017 - Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)

Source: xen
Version: 4.8.1~pre.2017.01.23-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for xen.

CVE-2017-7228[0]:
| An issue (known as XSA-212) was discovered in Xen, with fixes available
| for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
| introduced an insufficient check on XENMEM_exchange input, allowing the
| caller to drive hypervisor memory accesses outside of the guest
| provided input/output arrays.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
[1] https://xenbits.xen.org/xsa/advisory-212.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

On Tue, 04 Apr 2017 21:49:44 +0200 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Source: xen
> Version: 4.8.1~pre.2017.01.23-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerability was published for xen.
> 
> CVE-2017-7228[0]:
> | An issue (known as XSA-212) was discovered in Xen, with fixes available
> | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
> | introduced an insufficient check on XENMEM_exchange input, allowing the
> | caller to drive hypervisor memory accesses outside of the guest
> | provided input/output arrays.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-7228
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
> [1] https://xenbits.xen.org/xsa/advisory-212.html
> 
> Please adjust the affected versions in the BTS as needed.
> 
> Regards,
> Salvatore
> 
> 
Hi Xen maintainers,

Is there any update on this bug?

Thanks,
~Niels

Niels Thykier writes ("Bug#859560: xen: CVE-2017-7228: x86: broken check in
memory_exchange() permits PV guest breakout
(XSA-212)"):
> Hi Xen maintainers,
> Is there any update on this bug?
Sorry for having dropping this.  I will try to sort out this (and the
other outstanding security issues with this package) this week.

Ian.

Your message dated Tue, 18 Apr 2017 17:34:15 +0000
with message-id <E1d0X15-000Dti-Kf at fasolo.debian.org>
and subject line Bug#859560: fixed in xen 4.8.1-1
has caused the Debian Bug report #859560,
regarding xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV
guest breakout (XSA-212)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
859560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859560
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV
guest breakout (XSA-212)
Date: Tue, 04 Apr 2017 21:49:44 +0200
Size: 2506
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170418/0d86cae8/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Ian Jackson <ian.jackson at eu.citrix.com>
Subject: Bug#859560: fixed in xen 4.8.1-1
Date: Tue, 18 Apr 2017 17:34:15 +0000
Size: 5682
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170418/0d86cae8/attachment-0003.mht>

Your message dated Sat, 27 May 2017 12:34:02 +0000
with message-id <E1dEauw-000J3d-IT at fasolo.debian.org>
and subject line Bug#859560: fixed in xen 4.4.1-9+deb8u9
has caused the Debian Bug report #859560,
regarding xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV
guest breakout (XSA-212)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
859560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859560
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV
guest breakout (XSA-212)
Date: Tue, 04 Apr 2017 21:49:44 +0200
Size: 2506
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170527/f5438628/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Ian Jackson <ijackson at chiark.greenend.org.uk>
Subject: Bug#859560: fixed in xen 4.4.1-9+deb8u9
Date: Sat, 27 May 2017 12:34:02 +0000
Size: 8259
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20170527/f5438628/attachment-0003.mht>