Xen.org security team
2014-Feb-19 16:55 UTC
Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
             Xen Security Advisory CVE-2013-6885 / XSA-82
                               version 4

        Guest triggerable AMD CPU erratum may cause host hang

UPDATES IN VERSION 4
===================

The original fix for 4.2.x and 4.1.x was found to deal with 64-bit
hypervisors only. Incremental patches to also address 32-bit ones are
now being provided in addition.

ISSUE DESCRIPTION
================

AMD CPU erratum 793 "Specific Combination of Writes to Write Combined
Memory Types and Locked Instructions May Cause Core Hang" describes a
situation under which a CPU core may hang.

IMPACT
=====

A malicious guest administrator can mount a denial of service attack
affecting the whole system.

VULNERABLE SYSTEMS
=================

The vulnerability is applicable only to family 16h model 00h-0fh AMD
CPUs.

Such CPUs running Xen versions 3.3 onwards are vulnerable. We have
not checked earlier versions of Xen.

HVM guests can always exploit the vulnerability if it is present. PV
guests can exploit the vulnerability only if they have been granted
access to physical device(s).

Non-AMD CPUs are not vulnerable.

CREDITS
======

This issue's security impact was discovered by Jan Beulich.

MITIGATION
=========

This issue can be avoided by neither running HVM guests, nor assigning
PCI devices to PV guests.

RESOLUTION
=========

The attached xsa82.patch contains a software workaround which resolves
this issue for 64-bit hypervisors. To also resolve the issue on 32-bit
hypervisors (Xen 4.2.x and 4.1.x only), the respective attached
xsa82-4.?-32bit.patch needs to be applied on top.

Alternatively, the recommended workaround can be implemented in
firmware, so a suitable firmware update will resolve the issue. If
you require a firmware update please consult your vendor.

xsa82.patch            Xen 4.1.x, Xen 4.2.x, Xen 4.3.x, xen-unstable
xsa82-4.1-32bit.patch  Xen 4.1.x
xsa82-4.2-32bit.patch  Xen 4.2.x

$ sha256sum xsa82*.patch
b0fb0289e1da965bc038993e07af4ba78cb746ed8f1a1865f5fec9de7299faa7  xsa82-4.1-32bit.patch
18f2ba14131975b45688e3c5f4c0a85bd78cf089c3d83ae81f86e149b8c538d6  xsa82-4.2-32bit.patch
0a58f3564ca91fd2668c202446c607fdb1ec8643e558a3921046d43675f58c08  xsa82.patch
$
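The affected range given under VULNERABLE SYSTEMS can be checked from a shell on the host. The script below is an added example, not part of the advisory or of the Xen project's code. It assumes it runs where /proc/cpuinfo reflects the physical CPU; the function name and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host CPU falls in the XSA-82 affected range
# (AMD family 16h, models 00h-0fh). Linux reports these fields in decimal,
# so family 16h appears as "cpu family : 22" and the models as 0..15.

# Prints one line per affected logical CPU; exit status 0 if any is affected,
# 1 if none. $1 is a cpuinfo-format file, "-" for stdin (default /proc/cpuinfo).
xsa82_cpu_affected() {
    awk -F'[ \t]*:[ \t]*' '
        # Evaluate the processor block collected so far, then reset state.
        function check() {
            if (seen && vendor == "AuthenticAMD" && family == 22 &&
                model >= 0 && model <= 15) {
                printf "cpu %s: AMD family 16h model %02xh is in the XSA-82 range\n", cpu, model
                hit = 1
            }
            seen = 0; vendor = ""; family = -1; model = -1
        }
        $1 == "processor"  { check(); cpu = $2; seen = 1 }
        $1 == "vendor_id"  { vendor = $2 }
        $1 == "cpu family" { family = $2 + 0 }
        $1 == "model"      { model = $2 + 0 }   # "model name" does not match
        END { check(); exit (hit ? 0 : 1) }
    ' "${1:-/proc/cpuinfo}"
}

# Constructed cpuinfo excerpts (not captured from real hosts).
sample_affected() {
    printf 'processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 22\nmodel\t\t: 0\nmodel name\t: constructed sample\n\n'
}
sample_other_amd() {
    printf 'processor\t: 0\nvendor_id\t: AuthenticAMD\ncpu family\t: 21\nmodel\t\t: 2\n\n'
}

# Demonstration on the constructed samples only.
sample_affected | xsa82_cpu_affected -
sample_other_amd | xsa82_cpu_affected - || echo "family 15h sample: outside the XSA-82 range"
```

On a real host, call `xsa82_cpu_affected` with no argument; a zero exit status means the advisory's patch, firmware update, or mitigation applies to that machine.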