Xen.org security team
2014-Apr-23 13:05 UTC
Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-94 ARM hypervisor crash on guest interrupt controller access ISSUE DESCRIPTION ================ When handling a guest access to the virtual GIC distributor (interrupt controller) Xen could dereference a pointer before checking it for validity leading to a hypervisor crash and host Denial of Service. IMPACT ===== A buggy or malicious guest can crash the host. VULNERABLE SYSTEMS ================= Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward. x86 systems are not vulnerable. MITIGATION ========= None. NOTE REGARDING LACK OF EMBARGO ============================= This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. CREDITS ====== The initial bug was discovered by Thomas Leonard and the security aspect was diagnosed by Julien Grall. RESOLUTION ========= Applying the appropriate attached patch resolves this issue. xsa94.patch xen-unstable, Xen 4.4.x $ sha256sum xsa94*.patch ad0f20577400756a1786daeafef86fa870727ec35b48f71f565e4a30dcbda58d xsa94.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTV7qTAAoJEIP+FMlX6CvZ08EH/3pIhD1lCXex3pbvo0BFIc2y +XqJmLQ8QVeuk1Q9etEVbJxC8YvbmunefyCyfXIYQpL5jWqJdOAGzSktLOuaGrrM ENG6kFyiC6pxLouJb+BAm3qOfe3vVCdkWh9ouWQGC/3FqbSM+2QGI0vUyxtfmmga IDeQ+CjyWVVhmR7Tb76Gc/pMLnrfD1HTZSgTe8NacqbnZuXzPMrxkKw8BleK/boH L5r/0Y/GqqOe5LRqCOZt8U7jlcfwAs+rqUI0UDz70YvokcBH7RwaRiolZxicLdjP 4lFJH8q9d45EA9JI+Xifv2QZ9tJMRNhRtTQpqIS8swAROOM/SblpPUPlOiPvyaE=RGUg -----END PGP SIGNATURE----- _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users