Bugzilla – Bug 820920
VUL-1: CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54)
Last modified: 2018-10-19 18:20:01 UTC
Xen Security Advisory CVE-2013-2078 / XSA-54
version 2

Hypervisor crash due to missing exception recovery on XSETBV

*** EMBARGOED UNTIL 2013-06-03 12:00 UTC ***

UPDATES IN VERSION 2
====================

Explain that Xen 4.1.x is not vulnerable by default, since XSAVE is
disabled by default in 4.1.x.

ISSUE DESCRIPTION
=================

Processors do certain validity checks on the register values passed to
XSETBV. For the PV emulation path for that instruction the hypervisor
code didn't check for certain invalid bit combinations, thus exposing
itself to a fault occurring when invoking that instruction on behalf
of the guest.

IMPACT
======

Malicious or buggy unprivileged user space can cause the entire host
to crash.

VULNERABLE SYSTEMS
==================

Xen 4.0 and onwards are vulnerable when run on systems with processors
supporting XSAVE. Only PV guests can exploit the vulnerability.

In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is
disabled by default; therefore systems running these versions are not
vulnerable unless support is explicitly enabled using the "xsave"
hypervisor command line option.

Systems using processors not supporting XSAVE are not vulnerable.

Xen 3.x and earlier are not vulnerable.

MITIGATION
==========

Turning off XSAVE support via the "no-xsave" hypervisor command line
option will avoid the vulnerability.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa54.patch             Xen 4.1.x, Xen 4.2.x, xen-unstable

$ sha256sum xsa54-*.patch
5d94946b3c9cba52aae2bffd4b0ebb11d09181650b5322a3c85170674a05f6b7  xsa54.patch
$
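The "VULNERABLE SYSTEMS" and "MITIGATION" rules of the advisory above, written out as a host triage check. This is an added example, not part of the advisory or of Xen; the function name `xsa54_exposure` and its verdict strings are hypothetical, and the caller supplies the Xen version, the CPU flag list and the hypervisor command line. It does not detect whether the patch is already applied or whether the host runs PV guests.

```shell
# Added example. Usage: xsa54_exposure XEN_VERSION "CPU FLAGS" "XEN CMDLINE"
# Prints one verdict line; always returns 0.
xsa54_exposure() {
    ver=$1; flags=$2; cmdline=$3

    # "Systems using processors not supporting XSAVE are not vulnerable."
    # Padding with spaces keeps "xsaveopt" from matching "xsave".
    case " $flags " in
        *" xsave "*) ;;
        *) echo "not-vulnerable (CPU lacks XSAVE)"; return 0 ;;
    esac

    # Split MAJOR.MINOR[.PATCH] and drop vendor suffixes such as "_04".
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*}; patch=${patch:-0} ;;
        *)   patch=0 ;;
    esac

    # "Xen 3.x and earlier are not vulnerable."
    if [ "$major" -lt 4 ]; then
        echo "not-vulnerable (Xen 3.x or earlier)"; return 0
    fi

    # XSAVE is off by default in 4.0.2 through 4.0.4 and in 4.1.x. Every other
    # release from 4.0 onwards is treated here as having it on by default.
    xsave=on
    if [ "$major" -eq 4 ]; then
        if [ "$minor" -eq 1 ]; then xsave=off; fi
        if [ "$minor" -eq 0 ] && [ "$patch" -ge 2 ] && [ "$patch" -le 4 ]; then xsave=off; fi
    fi

    # Only the two spellings the advisory names are recognised.
    # Assumption: when both appear, the later option wins.
    for opt in $cmdline; do
        case $opt in
            xsave)    xsave=on ;;
            no-xsave) xsave=off ;;
        esac
    done

    if [ "$xsave" = on ]; then
        echo "vulnerable-unless-patched (XSAVE on)"
    else
        echo "not-vulnerable (XSAVE off)"
    fi
}
```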
bugbot adjusting priority
The SWAMPID for this issue is 52595. This issue was rated as important. Please submit fixed packages until 2013-05-30. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Submitted for SLE11SP2:
Xen: SR#26763
Vm-install: SR#26764
libvirt: SR#26758
virt-manager: SR#26765
See bnc#813673 for detailed bug fix list.
Now public via "Xen.org security team" <security@xen.org>.
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, x86_64)
opensuse affected still
openSUSE-SU-2013:1392-1: An update that solves 12 vulnerabilities and has 7 fixes is now available.
Category: security (moderate)
Bug References: 801663,803712,809662,813673,813675,813677,814709,816156,816159,816163,819416,820917,820919,820920,823011,823608,823786,824676,826882
CVE References: CVE-2013-1432,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1920,CVE-2013-1952,CVE-2013-1964,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2078,CVE-2013-2211
Sources used:
openSUSE 12.2 (src): xen-4.1.5_04-5.29.1
openSUSE-SU-2013:1404-1: An update that solves 13 vulnerabilities and has 13 fixes is now available.
Category: security (moderate)
Bug References: 797285,797523,801663,802221,808085,808269,809662,813673,813675,814059,814709,816159,816163,817068,817210,817799,817904,818183,819416,820917,820919,820920,823011,823608,824676,826882
CVE References: CVE-2012-6075,CVE-2013-0151,CVE-2013-1432,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1922,CVE-2013-1952,CVE-2013-2007,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2078
Sources used:
openSUSE 12.3 (src): xen-4.2.2_06-1.16.1
Closed as fixed.