Bugzilla – Bug 813675
VUL-0: xen: CVE-2013-1919: XSA-46: Several access permission issues with IRQs for unprivileged guests
Last modified: 2015-03-05 14:54:52 UTC
Not public yet! Received via security@suse.de. Date: Thu, 04 Apr 2013 17:57:14 +0000 From: "Xen.org security team" <security@xen.org> Subject: [security@suse.de] Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-1919 / XSA-46 Several access permission issues with IRQs for unprivileged guests *** EMBARGOED UNTIL 2013-04-18 12:00 UTC *** ISSUE DESCRIPTION ================= Various IRQ related access control operations may not have the intended effect, thus potentially permitting a stub domain to grant its client domain access to an IRQ it doesn't have access to itself. IMPACT ====== Malicious or buggy stub domains kernels can mount a denial of service attack possibly affecting the whole system. VULNERABLE SYSTEMS ================== Only Xen systems using stub domains are vulnerable. Only guests with passed-through IRQs or PCI devices are able to exploit the vulnerability. It is remotely possible that PV guests with passthrough IRQs or devices may also be able to exploit this vulnerability, although we think this is unlikely. MITIGATION ========== Servicing HVM guests with passthrough IRQs or PCI devices in dom0 (ie, not using a stub domain device model) should avoid this vulnerability. Reconfiguring the system to disable IRQ/PCI passthrough and instead providing the guests with appropriate paravirtualised facilities will avoid this vulnerability. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa46-4.1.patch Xen 4.1.x xsa46-4.2.patch Xen 4.2.x xsa46-unstable.patch xen-unstable $ sha256sum xsa46*.patch 3b2ea317c1cf2ba428cc14946d030d38294747fef2beeb16eba30bcf3b1bc2cc xsa46-4.1.patch 53c94ef769811680cf2f6814d6f49c6fd0e2c064a86b4b2453642e090555c8c6 xsa46-4.2.patch db50e94868be0193eadb11bd685c431eeef3f676cac68e307d2a19eafff14154 xsa46-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRXb5cAAoJEIP+FMlX6CvZHVkIALM8m0D/BlPt9XcwqtpJAm3S NyQ28Yu9D/KRefIUMYu4qJgsvOarwxxGjEtfzx6cgsZEr1RI0yFE3FCQfv0CkPzT pofOnRc9hNipXf5us4pnbyS0QSfEqyZwYUgrzbdQqbVvU2AnVmxthMUnQwEEuqGk kHUW4aqYt/ZfedzBkz++swUjH3shXq+5sFEhQfYOx6vzy7+tB+seqJPVwV2pECHW 0e1xsDs1A6Iiv7Y62ZLJXDa8OLtGk31zHKMZOZsEuMk9FGcUyYQYWBi3EwrTkiJG 3cpIEdDlg91H6PgDrlUWjNJQkugq+aYy94Y3mF+zVYIrwbwCYQu1NLV1wqq6LaM= =R959 -----END PGP SIGNATURE-----
Created attachment 533686 [details] Xen 4.1.x fix
Created attachment 533687 [details] Xen 4.2.x fix.
Created attachment 533688 [details] xen-unstable fix.
bugbot adjusting priority
Created attachment 535339 [details] updated patch to fix ARM problems .
Created attachment 535340 [details] updated patch to fix ARM problems .
now public via xen.org
Charles, could we get a status?
(In reply to comment #8) > Charles, could we get a status? SLE11 SP3: Will be in RC1 SLE11 SP2: Running internal stage testing with fix. Just received word of another bug (CVE-2013-1964, xsa50) that probably needs to be included with this batch of security updates. There is no bug yet that I can find but I've been told it is already public. openSUSE 12.2/3: I can submit this anytime but first need to add xsa50.
CVE-2013-1964 is listed in bug#816156.
For everyone's information: An apparent regression with this change used under the xend/xm tool stack (breaking pass-through to PV guests) has been reported upstream (i.e. on xen-devel). Not root caused yet, and hence no fix (or ETA for one) available yet.
This is an autogenerated message for OBS integration: This bug (813675) was mentioned in https://build.opensuse.org/request/show/174763 Factory / xen
This is an autogenerated message for OBS integration: This bug (813675) was mentioned in https://build.opensuse.org/request/show/174892 Factory / xen
The tentative fix for the regression got verified on both 4.1 and 4.2, and was committed a minute ago to the upstream master branch. With that, this shouldn't be holding up the release of the maintenance update anymore.
The SWAMPID for this issue is 52595. This issue was rated as important. Please submit fixed packages until 2013-05-30. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Submitted for SLE11SP2: Xen: SR#26763 Vm-install: SR#26764 libvirt: SR#26758 virt-manager: SR#26765 See bnc#813673 for detailed bug fix list.
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU Products: SLE-DEBUGINFO 11-SP2 (i386, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, x86_64) SLE-SERVER 11-SP2 (i386, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
openSUSE-SU-2013:1392-1: An update that solves 12 vulnerabilities and has 7 fixes is now available. Category: security (moderate) Bug References: 801663,803712,809662,813673,813675,813677,814709,816156,816159,816163,819416,820917,820919,820920,823011,823608,823786,824676,826882 CVE References: CVE-2013-1432,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1920,CVE-2013-1952,CVE-2013-1964,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2078,CVE-2013-2211 Sources used: openSUSE 12.2 (src): xen-4.1.5_04-5.29.1
openSUSE-SU-2013:1404-1: An update that solves 13 vulnerabilities and has 13 fixes is now available. Category: security (moderate) Bug References: 797285,797523,801663,802221,808085,808269,809662,813673,813675,814059,814709,816159,816163,817068,817210,817799,817904,818183,819416,820917,820919,820920,823011,823608,824676,826882 CVE References: CVE-2012-6075,CVE-2013-0151,CVE-2013-1432,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1922,CVE-2013-1952,CVE-2013-2007,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2078 Sources used: openSUSE 12.3 (src): xen-4.2.2_06-1.16.1
Closed as fixed.
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-libs, xen-tools, xen-tools-domU Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU Products: SLE-DEBUGINFO 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1-LTSS (i386, x86_64)
SUSE-SU-2014:0446-1: An update that fixes 47 vulnerabilities is now available. Category: security (important) Bug References: 777628,777890,779212,786516,786517,786519,786520,787163,789944,789945,789948,789950,789951,794316,797031,797523,800275,805094,813673,813675,813677,816156,816159,816163,819416,820917,820919,823011,823608,826882,831120,839596,839618,840592,841766,842511,848657,849667,849668,853049,860163 CVE References: CVE-2006-1056,CVE-2007-0998,CVE-2012-3497,CVE-2012-4411,CVE-2012-4535,CVE-2012-4537,CVE-2012-4538,CVE-2012-4539,CVE-2012-4544,CVE-2012-5510,CVE-2012-5511,CVE-2012-5513,CVE-2012-5514,CVE-2012-5515,CVE-2012-5634,CVE-2012-6075,CVE-2012-6333,CVE-2013-0153,CVE-2013-0154,CVE-2013-1432,CVE-2013-1442,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1920,CVE-2013-1952,CVE-2013-1964,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-2211,CVE-2013-2212,CVE-2013-4329,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4494,CVE-2013-4553,CVE-2013-4554,CVE-2013-6885,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894 Sources used: SUSE Linux Enterprise Server 11 SP1 LTSS (src): xen-4.0.3_21548_16-0.5.1