Bug 1158003 - (CVE-2019-19581) VUL-0: CVE-2019-19581,CVE-2019-19582: xen: XSA-307 v3 - find_next_bit() issues
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/248098/
CVSSv3.1:SUSE:CVE-2019-19582:6.5:(AV...
Reported: 2019-11-28 13:47 UTC by Wolfgang Frisch
Modified: 2022-05-05 11:38 UTC
Comment 5 Alexandros Toptsoglou 2019-12-11 12:10:02 UTC
now public through oss

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

    Xen Security Advisory CVE-2019-19581,CVE-2019-19582 / XSA-307
                              version 3

                        find_next_bit() issues

UPDATES IN VERSION 3
====================

Public release.

Updated metadata to add 4.13, update StableRef's

ISSUE DESCRIPTION
=================

In a number of places bitmaps are being used by the hypervisor to track
certain state.  Iteration over all bits involves functions which may
misbehave in certain corner cases:
- On 32-bit Arm accesses to bitmaps with a bit count which is a multiple
  of 32, an out of bounds access may occur.  (CVE-2019-19581)
- On x86 accesses to bitmaps with a compile time known size of 64 may
  incur undefined behavior, which may in particular result in infinite
  loops. (CVE-2019-19582)

IMPACT
======

A malicious guest may cause a hypervisor crash or hang, resulting in a
Denial of Service (DoS).

VULNERABLE SYSTEMS
==================

All versions of Xen are vulnerable.

32-bit Arm systems are vulnerable.

x86 systems with 64 or more nodes are vulnerable.  We are unaware of any
such systems that Xen would run on.

64-bit Arm systems as well as x86 systems with less than 64 nodes are
not vulnerable.

MITIGATION
==========

There is no known mitigation for 32-bit Arm systems.

For x86 systems the issue can be avoided by suppressing the use of NUMA
information provided by firmware, via the "numa=off" command line
option.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa307.patch           xen-unstable, Xen 4.13.x ... 4.8.x

$ sha256sum xsa307*
e589e96a0b3ec66f1d2d6393b82fab13ed18fd9fb112044a12263336b8499c68  xsa307.meta
7df052768cc05329bc44bf724897227885da8bb2cde9ff01d0ba2a34611bde97  xsa307.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
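The VULNERABLE SYSTEMS and MITIGATION sections of the advisory above can be turned into a host triage check. The following is an added example, not part of the advisory or of SUSE's or Xen's tooling; it assumes the `machine`, `nr_nodes` and `xen_commandline` fields printed by `xl info`, and it judges platform exposure for an unpatched build only (it does not detect whether xsa307.patch is applied).

```shell
#!/bin/sh
# Added example (not from the advisory): platform exposure to XSA-307 for an
# UNPATCHED Xen build, decided from `xl info` text read on stdin.
xsa307_exposure() {
    info=$(cat)
    # Pull one "key : value" field out of the captured text.
    field() {
        printf '%s\n' "$info" |
            sed -n "s/^$1[[:space:]]*:[[:space:]]*//p" | head -n 1
    }
    machine=$(field machine)
    nodes=$(field nr_nodes)
    cmdline=$(field xen_commandline)
    case "$machine" in
        aarch64|arm64)
            echo "not-vulnerable: 64-bit Arm" ;;
        arm*)
            echo "exposed: 32-bit Arm, no known mitigation, patch required" ;;
        x86_64|i?86)
            # The advisory's x86 mitigation is the numa=off hypervisor option.
            case " $cmdline " in
                *" numa=off "*) echo "mitigated: x86 with numa=off"; return ;;
            esac
            if [ "${nodes:-0}" -ge 64 ]; then
                echo "exposed: x86 with $nodes NUMA nodes and no numa=off"
            else
                echo "not-vulnerable: x86 with fewer than 64 nodes"
            fi ;;
        *)
            echo "unknown: machine='$machine'" ;;
    esac
}

# Constructed sample input, not captured from a real host.
sample='machine                : x86_64
nr_nodes               : 64
xen_commandline        : console=vga dom0_mem=4096M'

printf '%s\n' "$sample" | xsa307_exposure
# On a live dom0 (assumption: xl is installed): xl info | xsa307_exposure
```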
Comment 6 Swamp Workflow Management 2019-12-13 23:11:59 UTC
SUSE-SU-2019:3297-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1152497,1154448,1154456,1154458,1154460,1154461,1154464,1155945,1157888,1158003,1158004,1158005,1158006,1158007
CVE References: CVE-2018-12207,CVE-2019-11135,CVE-2019-18420,CVE-2019-18421,CVE-2019-18422,CVE-2019-18423,CVE-2019-18424,CVE-2019-18425,CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19582,CVE-2019-19583
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    xen-4.9.4_06-3.59.1
SUSE OpenStack Cloud 8 (src):    xen-4.9.4_06-3.59.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    xen-4.9.4_06-3.59.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    xen-4.9.4_06-3.59.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    xen-4.9.4_06-3.59.1
SUSE Enterprise Storage 5 (src):    xen-4.9.4_06-3.59.1
SUSE CaaS Platform 3.0 (src):    xen-4.9.4_06-3.59.1
HPE Helion Openstack 8 (src):    xen-4.9.4_06-3.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-12-13 23:13:55 UTC
SUSE-SU-2019:3296-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1158003,1158004,1158005,1158006,1158007
CVE References: CVE-2019-19577,CVE-2019-19578,CVE-2019-19580,CVE-2019-19581,CVE-2019-19582,CVE-2019-19583
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xen-4.12.1_10-3.8.1
SUSE Linux Enterprise Server 12-SP5 (src):    xen-4.12.1_10-3.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-12-16 17:13:53 UTC
SUSE-SU-2019:3310-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1154460,1154461,1154464,1157888,1158003,1158004,1158005,1158006,1158007
CVE References: CVE-2019-18422,CVE-2019-18423,CVE-2019-18424,CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19582,CVE-2019-19583
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    xen-4.11.3_02-2.20.1
SUSE Linux Enterprise Server 12-SP4 (src):    xen-4.11.3_02-2.20.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    xen-4.11.3_02-2.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2019-12-16 17:15:37 UTC
SUSE-SU-2019:3309-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1154460,1154464,1157888,1158003,1158004,1158005,1158006,1158007
CVE References: CVE-2019-18422,CVE-2019-18423,CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19582,CVE-2019-19583
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    xen-4.10.4_08-3.28.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    xen-4.10.4_08-3.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2019-12-18 23:12:38 UTC
SUSE-SU-2019:3338-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1027519,1152497,1157047,1157888,1158003,1158004,1158005,1158006,1158007
CVE References: CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19582,CVE-2019-19583
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    xen-4.12.1_06-3.9.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    xen-4.12.1_06-3.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    xen-4.12.1_06-3.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2020-02-06 14:15:01 UTC
SUSE-SU-2020:0334-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1152497,1154448,1154456,1154458,1154461,1155945,1157888,1158003,1158004,1158005,1158006,1158007,1161181
CVE References: CVE-2018-12207,CVE-2019-11135,CVE-2019-18420,CVE-2019-18421,CVE-2019-18424,CVE-2019-18425,CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19583,CVE-2020-7211
Sources used:
SUSE OpenStack Cloud 7 (src):    xen-4.7.6_06-43.59.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    xen-4.7.6_06-43.59.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    xen-4.7.6_06-43.59.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xen-4.7.6_06-43.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2020-02-17 17:13:39 UTC
SUSE-SU-2020:0388-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 1115045,1126140,1126141,1126192,1126195,1126196,1126201,1135905,1143797,1145652,1146874,1149813,1152497,1154448,1154456,1154458,1154461,1155945,1157888,1158003,1158004,1158005,1158006,1158007,1161181
CVE References: CVE-2018-12207,CVE-2018-19965,CVE-2019-11135,CVE-2019-12067,CVE-2019-12068,CVE-2019-12155,CVE-2019-14378,CVE-2019-15890,CVE-2019-17340,CVE-2019-17341,CVE-2019-17342,CVE-2019-17343,CVE-2019-17344,CVE-2019-17347,CVE-2019-18420,CVE-2019-18421,CVE-2019-18424,CVE-2019-18425,CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19583,CVE-2020-7211
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_28-22.64.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_28-22.64.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2020-06-16 19:12:31 UTC
SUSE-SU-2020:1630-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1157888,1158003,1158004,1158005,1158006,1158007,1161181,1167152,1168140,1168142,1169392,1172205
CVE References: CVE-2019-19577,CVE-2019-19578,CVE-2019-19579,CVE-2019-19580,CVE-2019-19581,CVE-2019-19583,CVE-2020-0543,CVE-2020-11739,CVE-2020-11740,CVE-2020-11741,CVE-2020-11742,CVE-2020-7211
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    xen-4.9.4_06-3.62.1
SUSE OpenStack Cloud 8 (src):    xen-4.9.4_06-3.62.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    xen-4.9.4_06-3.62.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    xen-4.9.4_06-3.62.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    xen-4.9.4_06-3.62.1
SUSE Enterprise Storage 5 (src):    xen-4.9.4_06-3.62.1
HPE Helion Openstack 8 (src):    xen-4.9.4_06-3.62.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Charles Arnold 2021-01-22 18:58:44 UTC
Backported and released to 12-SP2.
Comment 18 Gabriele Sonnu 2022-05-05 11:38:16 UTC
Done.