Bug 851386 - (CVE-2013-6375) VUL-0: CVE-2013-6375: xen: XSA-78: Insufficient TLB flushing in VT-d (iommu) code
VUL-0: CVE-2013-6375: xen: XSA-78: Insufficient TLB flushing in VT-d (iommu) ...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:55163:moderate maint:r...
Depends on:
  Show dependency treegraph
Reported: 2013-11-20 17:12 UTC by Marcus Meissner
Modified: 2013-12-19 21:06 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

xsa78.patch (872 bytes, patch)
2013-11-20 17:12 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-11-20 17:12:14 UTC
is public, via oss-sec

                    Xen Security Advisory XSA-78

           Insufficient TLB flushing in VT-d (iommu) code


An inverted boolean parameter resulted in TLB flushes not happening
upon clearing of a present translation table entry.  Retaining stale
TLB entries could allow guests access to memory that ought to have
been revoked, or grant greater access than intended.


Malicious guest administrators might be able to cause host-wide denial
of service, or escalate their privilege to that of the host.


Xen 4.2.x and later are vulnerable.
Xen 4.1.x and earlier are not vulnerable.

Only systems using Intel VT-d for PCI passthrough are vulnerable.


This issue can be avoided by not assigning PCI devices to untrusted guests on
systems supporting Intel VT-d.


This issue was disclosed publicly on the xen-devel mailing list.


Applying the attached patch resolves this issue.

xsa78.patch        Xen 4.2.x, Xen 4.3.x, xen-unstable

$ sha256sum xsa78*.patch
2b858188495542b393532dfeb108ae95cbb507a008b5ebf430b96c95272f9e0e  xsa78.patch
Comment 1 Marcus Meissner 2013-11-20 17:12:48 UTC
Created attachment 568294 [details]

Comment 2 Swamp Workflow Management 2013-11-20 23:00:16 UTC
bugbot adjusting priority
Comment 3 Charles Arnold 2013-11-25 21:13:13 UTC
Xen is submitted for SLE11-SP3 SR#: 29549
Comment 5 Swamp Workflow Management 2013-12-16 10:05:30 UTC
openSUSE-SU-2013:1876-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 845520,848657,849665,849667,849668,851386,851749
CVE References: CVE-2013-4416,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554
Sources used:
openSUSE 13.1 (src):    xen-4.3.1_02-4.4
Comment 6 Marcus Meissner 2013-12-19 15:43:51 UTC
Comment 7 Swamp Workflow Management 2013-12-19 17:48:56 UTC
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, x86_64)
Comment 8 Swamp Workflow Management 2013-12-19 21:06:23 UTC
SUSE-SU-2013:1923-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 833483,840997,842417,846849,848014,848657,849665,849667,849668,851386
CVE References: CVE-2013-1922,CVE-2013-2007,CVE-2013-4375,CVE-2013-4416,CVE-2013-4494,CVE-2013-4551,CVE-2013-4553,CVE-2013-4554
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    xen-4.2.3_08-0.7.1
SUSE Linux Enterprise Server 11 SP3 (src):    xen-4.2.3_08-0.7.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    xen-4.2.3_08-0.7.1