search for: xen_domctl_gettscinfo

...verity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-3340[0]: | Xen 4.2.x through 4.5.x does not initialize certain fields, which | allows certain remote service domains to obtain sensitive information | from memory via a (1) XEN_DOMCTL_gettscinfo or (2) | XEN_SYSCTL_getdomaininfolist request. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3340 [1] http://xenbits....

On Sat, May 02, 2015 at 07:04:34AM +0200, Salvatore Bonaccorso wrote: > the following vulnerability was published for xen. I consider this issue as unimportant. Not sure how I can mark it this way in the security tracker. Bastian -- Knowledge, sir, should be free to all! -- Harry Mudd, "I, Mudd", stardate 4513.3

Processing commands for control at bugs.debian.org: > close 784011 4.5.1~rc1-1 Bug #784011 [src:xen] xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) Marked as fixed in versions xen/4.5.1~rc1-1. Bug #784011 [src:xen] xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 784011: http://bugs.debian.org/cgi-bin/bu...

...l unintended writes to host MSI message data field via qemu * CVE-2015-4104 (XSA 129) - PCI MSI mask bits inadvertently exposed to guests * CVE-2015-4105 (XSA 130) - Guest triggerable qemu MSI-X pass-through error messages * CVE-2015-3340 (XSA 132) - Information leak through XEN_DOMCTL_gettscinfo * CVE-2015-4106 (XSA 131) - Unmediated PCI register access in qemu Checksums-Sha1: 7a66247bea23a05bbfc9a3bb6bf43ff219eca919 3040 xen_4.1.4-3+deb7u8.dsc 0bd6b97bd76345a3f8f96a7bc120099234c34f18 253480 xen_4.1.4-3+deb7u8.debian.tar.gz a8899780de513a402770976e97a46c3e4898da0c 1172400 xen...

...l unintended writes to host MSI message data field via qemu * CVE-2015-4104 (XSA 129) - PCI MSI mask bits inadvertently exposed to guests * CVE-2015-4105 (XSA 130) - Guest triggerable qemu MSI-X pass-through error messages * CVE-2015-3340 (XSA 132) - Information leak through XEN_DOMCTL_gettscinfo * CVE-2015-4106 (XSA 131) - Unmediated PCI register access in qemu Checksums-Sha1: 7a66247bea23a05bbfc9a3bb6bf43ff219eca919 3040 xen_4.1.4-3+deb7u8.dsc 0bd6b97bd76345a3f8f96a7bc120099234c34f18 253480 xen_4.1.4-3+deb7u8.debian.tar.gz a8899780de513a402770976e97a46c3e4898da0c 1172400 xen...

...;u._union._field)) +#define PRE_XEN_DOMCTL_READ(_domctl, _field) \ + __PRE_XEN_DOMCTL_READ(_domctl, _domctl, _field) + + switch (domctl->cmd) { + case XEN_DOMCTL_destroydomain: + case XEN_DOMCTL_pausedomain: + case XEN_DOMCTL_max_vcpus: + case XEN_DOMCTL_get_address_size: + case XEN_DOMCTL_gettscinfo: + case XEN_DOMCTL_getdomaininfo: + case XEN_DOMCTL_unpausedomain: + /* No input fields. */ + break; + + case XEN_DOMCTL_createdomain: + PRE_XEN_DOMCTL_READ(createdomain, ssidref); + PRE_XEN_DOMCTL_READ(createdomain, handle); + PRE_XEN_DOMCTL_READ(createdomain, flags)...

These two patches were originally part of the XSM series that I have posted, and remain prerequisites for that series. However, they are independent of the XSM changes and are a useful simplification regardless of the use of XSM. The Acked-bys on these patches were provided before rebasing them over the copyback changes in 26268:1b72138bddda, which had minor conflicts that I resolved. [PATCH