Bug 1052686 - (CVE-2017-12855) VUL-0: CVE-2017-12855: xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
CVSSv2:NVD:CVE-2017-12855:2.1:(AV:L/A...
Reported: 2017-08-08 06:19 UTC by Johannes Segitz
Modified: 2021-01-21 18:18 UTC (History)

Comment 1 Charles Arnold 2017-08-11 16:50:55 UTC
Submitted for,

SUSE:SLE-11-SP1:Update:Teradata
SUSE:SLE-11-SP3:Update
SUSE:SLE-11-SP4:Update
SUSE:SLE-12:Update
SUSE:SLE-12-SP1:Update
SUSE:SLE-12-SP2:Update
SUSE:SLE-12-SP3:Update
Comment 2 Marcus Meissner 2017-08-15 12:53:35 UTC
is public

                    Xen Security Advisory XSA-230
                              version 2

 grant_table: possibly premature clearing of GTF_writing / GTF_reading

UPDATES IN VERSION 2
====================

Public release.  (A CVE request for this issue is currently outstanding.)

ISSUE DESCRIPTION
=================

Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the
guest that a grant is in use.  A guest is expected not to modify the
grant details while it is in use, whereas the guest is free to
modify/reuse the grant entry when it is not in use.

Under some circumstances, Xen will clear the status bits too early,
incorrectly informing the guest that the grant is no longer in use.

IMPACT
======

A guest may prematurely believe that a granted frame is safely private
again, and reuse it in a way which contains sensitive information, while
the domain on the far end of the grant is still using the grant.

VULNERABLE SYSTEMS
==================

All systems are vulnerable.

MITIGATION
==========

There are no mitigations.

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa230.patch           xen-unstable, 4.9, 4.8, 4.7, 4.6, 4.5

$ sha256sum xsa230*
912c24771dc9e9b305be630b7771505abb3db735564c5574fc30b58a5da0139e  xsa230.meta
77a73f1c32d083e315ef0b1bbb119cb8840ceb5ada790cad76cbfb9116f725cc  xsa230.patch
$
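
The guest-side contract from the ISSUE DESCRIPTION above, as an added example that is not part of the bug report, the advisory, or Xen's own code: a guest revokes a v1 grant entry only when GTF_reading and GTF_writing are both clear. Flag values follow Xen's public grant_table.h; the function names, the sample domid/frame and the direct flag updates standing in for the hypervisor are constructed for illustration.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits of a v1 grant entry, as in Xen's public grant_table.h. */
#define GTF_permit_access 1u
#define GTF_reading       (1u << 3)   /* status: mapped for reading */
#define GTF_writing       (1u << 4)   /* status: mapped for writing */

struct grant_entry_v1 { _Atomic uint16_t flags; uint16_t domid; uint32_t frame; };

/* Guest: revoke with compare-and-swap. Returns 1 on success, 0 when the
 * status bits say the far end still uses the grant (entry left untouched). */
static int end_foreign_access(struct grant_entry_v1 *e)
{
    uint16_t seen = atomic_load(&e->flags);
    do {
        if (seen & (GTF_reading | GTF_writing))
            return 0;
    } while (!atomic_compare_exchange_weak(&e->flags, &seen, 0));
    return 1;
}

/* Guest: put private data into the frame only after a successful revoke
 * (hypothetical helper). */
static int reuse_frame(struct grant_entry_v1 *e, uint8_t *page, size_t len)
{
    if (!end_foreign_access(e))
        return 0;
    memset(page, 0x5a, len);   /* stands in for new, sensitive contents */
    return 1;
}

int main(void)
{
    static uint8_t page[4096];                                  /* constructed frame */
    struct grant_entry_v1 e = { GTF_permit_access, 1, 0x1234 }; /* constructed grant */

    /* Stand-in for Xen setting the status bits when the far end maps the grant. */
    atomic_fetch_or(&e.flags, GTF_reading | GTF_writing);
    printf("in use:   reuse=%d\n", reuse_frame(&e, page, sizeof page));

    /* Stand-in for Xen clearing them once the far end has unmapped. */
    atomic_fetch_and(&e.flags, (uint16_t)~(GTF_reading | GTF_writing));
    printf("released: reuse=%d\n", reuse_frame(&e, page, sizeof page));
    return 0;
}
```

The guest has no signal other than these two bits, so if they are cleared while the far end still holds a mapping, `reuse_frame` succeeds and the new contents are visible to that domain.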
Comment 3 Marcus Meissner 2017-08-15 13:51:47 UTC
CVE-2017-12855
Comment 4 Swamp Workflow Management 2017-09-01 01:10:36 UTC
SUSE-SU-2017:2319-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1002573,1046637,1047675,1048920,1049578,1051787,1051788,1052686
CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-12135,CVE-2017-12137
Sources used:
SUSE OpenStack Cloud 6 (src):    xen-4.5.5_14-22.25.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_14-22.25.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_14-22.25.1
Comment 5 Swamp Workflow Management 2017-09-01 16:09:59 UTC
SUSE-SU-2017:2326-1: An update that solves 7 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1002573,1026236,1035231,1037840,1046637,1049578,1051787,1051788,1051789,1052686,1055695
CVE References: CVE-2016-9603,CVE-2017-10664,CVE-2017-11434,CVE-2017-12135,CVE-2017-12136,CVE-2017-12137,CVE-2017-12855
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xen-4.7.3_03-43.9.1
SUSE Linux Enterprise Server 12-SP2 (src):    xen-4.7.3_03-43.9.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    xen-4.7.3_03-43.9.1
SUSE Container as a Service Platform ALL (src):    xen-4.7.3_03-43.9.1
Comment 6 Swamp Workflow Management 2017-09-01 16:12:11 UTC
SUSE-SU-2017:2327-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1002573,1026236,1027519,1035231,1046637,1049578,1051787,1051788,1051789,1052686,1055695
CVE References: CVE-2017-10664,CVE-2017-11434,CVE-2017-12135,CVE-2017-12136,CVE-2017-12137,CVE-2017-12855
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    xen-4.9.0_11-3.9.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    xen-4.9.0_11-3.9.1
Comment 7 Swamp Workflow Management 2017-09-04 16:09:51 UTC
SUSE-SU-2017:2339-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1046637,1048920,1049578,1051787,1051788,1052686
CVE References: CVE-2017-10664,CVE-2017-11334,CVE-2017-11434,CVE-2017-12135,CVE-2017-12137,CVE-2017-12855
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xen-4.2.5_21-45.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-45.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    xen-4.2.5_21-45.5.1
Comment 8 Swamp Workflow Management 2017-09-08 19:10:29 UTC
openSUSE-SU-2017:2394-1: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1002573,1026236,1027519,1035231,1046637,1049578,1051787,1051788,1051789,1052686,1055695
CVE References: CVE-2017-10664,CVE-2017-11434,CVE-2017-12135,CVE-2017-12136,CVE-2017-12137,CVE-2017-12855
Sources used:
openSUSE Leap 42.3 (src):    xen-4.9.0_11-4.1
Comment 9 Swamp Workflow Management 2017-09-08 19:16:01 UTC
openSUSE-SU-2017:2398-1: An update that solves 7 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1002573,1026236,1035231,1037840,1046637,1049578,1051787,1051788,1051789,1052686,1055695
CVE References: CVE-2016-9603,CVE-2017-10664,CVE-2017-11434,CVE-2017-12135,CVE-2017-12136,CVE-2017-12137,CVE-2017-12855
Sources used:
openSUSE Leap 42.2 (src):    xen-4.7.3_03-11.12.1
Comment 10 Swamp Workflow Management 2017-09-13 16:10:22 UTC
SUSE-SU-2017:2450-1: An update that solves 10 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1027519,1032598,1037413,1046637,1047675,1048920,1049578,1051787,1051788,1052686,1056278,1056281,1056282
CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-12135,CVE-2017-12137,CVE-2017-12855,CVE-2017-14316,CVE-2017-14317,CVE-2017-14319
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_22-61.9.2
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_22-61.9.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_22-61.9.2
Comment 11 Swamp Workflow Management 2017-09-21 19:09:47 UTC
SUSE-SU-2017:2541-1: An update that solves 10 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1002573,1027519,1032598,1037413,1046637,1047675,1048920,1049578,1051787,1051788,1052686,1056278,1056281,1056282
CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-12135,CVE-2017-12137,CVE-2017-12855,CVE-2017-14316,CVE-2017-14317,CVE-2017-14319
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    xen-4.4.4_22-22.51.2
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_22-22.51.2
Comment 12 Marcus Meissner 2017-10-25 17:30:15 UTC
released
Comment 13 Swamp Workflow Management 2017-11-16 14:08:32 UTC
SUSE-SU-2017:2327-2: An update that solves 6 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1002573,1026236,1027519,1035231,1046637,1049578,1051787,1051788,1051789,1052686,1055695
CVE References: CVE-2017-10664,CVE-2017-11434,CVE-2017-12135,CVE-2017-12136,CVE-2017-12137,CVE-2017-12855
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    xen-4.9.0_11-3.9.1