Bugzilla – Bug 906996
VUL-0: CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation
Last modified: 2016-04-27 19:32:26 UTC
Xen Security Advisory XSA-114 p2m lock starvation *** EMBARGOED UNTIL 2014-12-08 12:00 UTC *** ISSUE DESCRIPTION ================= The current read/write lock implementation is read-biased, which allows a consistent stream of readers to starve writers indefinitely. There are certain rwlocks where guests are capable of applying arbitrary read pressure. IMPACT ====== A malicious guest administrator can deny service to other tasks. If the NMI watchdog is active, a timeout might be triggered, resulting in a host crash. VULNERABLE SYSTEMS ================== Xen 4.2 and later systems are vulnerable. Xen 4.1 and earlier are not vulnerable in normal configurations. 4.1 and earlier are vulnerable only insofar as features are used which have already been explicitly discounted for security support purposes (TMEM, see XSA-15; XSM-based radical disaggregation, see XSA-77). Only x86 systems offer avenues for attacking this vulnerability. ARM systems do not and are therefore not vulnerable. MITIGATION ========== There is no mitigation available for this issue. RESOLUTION ========== Applying the appropriate attached patch resolves this issue in practice for most systems. In some deployments, large guests (more than around 30-40 VCPUs) may still be able to trigger intermittent problems; a complete fix to this issue requires substantial structural changes and is planned for Xen 4.6. xsa114.patch xen-unstable xsa114-4.4.patch Xen 4.4.x xsa114-4.3.patch Xen 4.3.x xsa114-4.2.patch Xen 4.2.x $ sha256sum xsa114*.patch 7949c27c2a4529cec0163ede285827cc726aedd7e70462f6285fc75193178360 xsa114.patch 2b486dfe0fbccbff7e2d1fd1af2c859432c99d66158e8ad95a02e96c2f5979b4 xsa114-4.2.patch f6f996ec5298f167175189c76c8558a2abebee0ef48e37f258d8b12a48674b0a xsa114-4.3.patch 84dd0770ec89cfa4266487eadb2dc7d48a650fb4245f8961d81b96d24dc7c8b7 xsa114-4.4.patch
Created attachment 614835 [details] Xen 4.2.x
Created attachment 614836 [details] Xen 4.3.x
Created attachment 614837 [details] Xen 4.4.x
Created attachment 614838 [details] xen-unstable
bugbot adjusting priority
CVEs got assigned: CVE-2014-9065, CVE-2014-9066
public
openSUSE-SU-2015:0256-1: An update that solves 11 vulnerabilities and has 9 fixes is now available. Category: security (important) Bug References: 826717,866902,882089,889526,896023,897906,898772,900292,901317,903357,903359,903850,903967,903970,904255,905465,905467,906439,906996,910681 CVE References: CVE-2013-3495,CVE-2014-5146,CVE-2014-5149,CVE-2014-8594,CVE-2014-8595,CVE-2014-8866,CVE-2014-8867,CVE-2014-9030,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361 Sources used: openSUSE 13.2 (src): xen-4.4.1_08-9.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-03-09. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60766
SLE12: MR#52782 SLE11-SP3: SR#52784
SUSE-SU-2015:0613-1: An update that solves 8 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 861318,882089,895528,901488,903680,904255,906996,910254,910681,912011,918995,918998,919098,919464,919663 CVE References: CVE-2014-3615,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361,CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2152 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.1_10-9.1 SUSE Linux Enterprise Server 12 (src): xen-4.4.1_10-9.1 SUSE Linux Enterprise Desktop 12 (src): xen-4.4.1_10-9.1
wsas released