Bug 826718 - VUL-0: CVE-2013-2212: xen: XSA-60: Excessive time to disable caching with HVM guests with PCI passthrough
Status: RESOLVED DUPLICATE of bug 831120
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Charles Arnold
Reported: 2013-06-25 12:41 UTC by Alexander Bergmann
Modified: 2016-04-27 19:00 UTC (History)

Description Alexander Bergmann 2013-06-25 12:41:39 UTC
Via xen-security-issues:

EMBARGOED!

CRD: 2013-07-19 12:00 UTC

Date: Tue, 25 Jun 2013 17:12:46 +0000
From: "Xen.org security team"
Subject: [security@suse.de] Xen Security Advisory 60 - Excessive time to disable caching with HVM guests with PCI passthrough


                     Xen Security Advisory XSA-60

   Excessive time to disable caching with HVM guests with PCI passthrough

             *** EMBARGOED UNTIL 2013-07-19 12:00 UTC ***

ISSUE DESCRIPTION
=================

HVM guests are able to manipulate their physical address space such that
processing a subsequent request by that guest to disable caches takes an
extended amount of time changing the cachability of the memory pages assigned
to this guest. This applies only when the guest has been granted access to
some memory mapped I/O region (typically by way of assigning a passthrough
PCI device).

This can cause the CPU which processes the request to become unavailable,
possibly causing the hypervisor or a guest kernel (including the domain 0 one)
to halt itself ("panic").

This vulnerability has not yet been assigned a CVE Candidate number by
MITRE.  We will issue an updated version when this is available.

IMPACT
======

A malicious domain, given access to a device with memory mapped I/O
regions, can cause the host to become unresponsive for a period of
time, potentially leading to a DoS affecting the whole system.

VULNERABLE SYSTEMS
==================

Xen version 3.3 onwards is vulnerable.

Only systems using the Intel variant of Hardware Assisted Paging (aka EPT) are
vulnerable.

MITIGATION
==========

This issue can be avoided by not assigning PCI devices to untrusted guests, or
by running HVM guests with shadow mode paging (through adding "hap=0" to the
domain configuration file).

RESOLUTION
==========

There is currently no resolution to this issue.
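
The MITIGATION section above can be checked across domain configuration files. The following is an added example, not part of the advisory or of Xen: it classifies xl-style configs as exposed or mitigated. The sample configs are constructed, and the script assumes HAP is enabled by default for HVM guests unless "hap=0" is set; it does not check whether the host uses Intel EPT.

```python
import re

# Constructed sample xl domain configs (not from the advisory or any real host).
SAMPLES = {
    "guest-a.cfg": 'builder = "hvm"\nmemory = 2048\npci = [ "01:00.0" ]\n',
    "guest-b.cfg": 'builder = "hvm"\nhap = 0   # shadow paging\n'
                   'pci = [ "02:00.0",\n        "02:00.1" ]\n',
    "guest-c.cfg": 'type = "hvm"\nhap = 1\n# pci = [ "03:00.0" ]\n',
    "guest-d.cfg": 'kernel = "/boot/vmlinuz"\npci = [ "04:00.0" ]\n',
}

def strip_comments(text):
    # Drop '#' comments; assumes '#' never appears inside a quoted value.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def setting(text, key):
    """Return the last scalar value assigned to key (unquoted), or None."""
    found = re.findall(rf'^\s*{key}\s*=\s*["\']?([^"\'\s\[]+)', text, re.M)
    return found[-1] if found else None

def passthrough_devices(text):
    """Return the device strings in pci = [ ... ], including multi-line lists."""
    m = re.search(r'^\s*pci\s*=\s*\[(.*?)\]', text, re.M | re.S)
    return re.findall(r'["\']([^"\']+)["\']', m.group(1)) if m else []

def audit(text):
    """Classify one domain config against the XSA-60 mitigation."""
    text = strip_comments(text)
    is_hvm = "hvm" in (setting(text, "builder"), setting(text, "type"))
    devices = passthrough_devices(text)
    if not is_hvm or not devices:
        return "not-affected"   # advisory: HVM guests with passthrough only
    # Assumption: HAP defaults to on for HVM, so only an explicit 0 mitigates.
    if setting(text, "hap") == "0":
        return "mitigated"
    return "exposed"

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name}: {audit(cfg)}")
```

A guest reported as exposed still needs a judgement on whether it is untrusted, since the advisory's other mitigation is to not assign PCI devices to untrusted guests.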
Comment 1 Swamp Workflow Management 2013-06-25 16:00:21 UTC
bugbot adjusting priority