Bug 906996 - (CVE-2014-9065) VUL-0: CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation
VUL-0: CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2014-11-25 07:44 UTC by Johannes Segitz
Modified: 2016-04-27 19:32 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2014-11-25 07:44:38 UTC
Xen Security Advisory XSA-114

                       p2m lock starvation

             *** EMBARGOED UNTIL 2014-12-08 12:00 UTC ***


The current read/write lock implementation is read-biased, which allows
a consistent stream of readers to starve writers indefinitely.  There
are certain rwlocks where guests are capable of applying arbitrary read


A malicious guest administrator can deny service to other tasks.  If
the NMI watchdog is active, a timeout might be triggered, resulting in
a host crash.


Xen 4.2 and later systems are vulnerable.

Xen 4.1 and earlier are not vulnerable in normal configurations.  4.1
and earlier are vulnerable only insofar as features are used which
have already been explicitly discounted for security support purposes
(TMEM, see XSA-15; XSM-based radical disaggregation, see XSA-77).

Only x86 systems offer avenues for attacking this vulnerability.
ARM systems do not and are therefore not vulnerable.


There is no mitigation available for this issue.


Applying the appropriate attached patch resolves this issue in
practice for most systems.

In some deployments, large guests (more than around 30-40 VCPUs) may
still be able to trigger intermittent problems; a complete fix to this
issue requires substantial structural changes and is planned for Xen

xsa114.patch                 xen-unstable
xsa114-4.4.patch             Xen 4.4.x
xsa114-4.3.patch             Xen 4.3.x
xsa114-4.2.patch             Xen 4.2.x

$ sha256sum xsa114*.patch
7949c27c2a4529cec0163ede285827cc726aedd7e70462f6285fc75193178360  xsa114.patch
2b486dfe0fbccbff7e2d1fd1af2c859432c99d66158e8ad95a02e96c2f5979b4  xsa114-4.2.patch
f6f996ec5298f167175189c76c8558a2abebee0ef48e37f258d8b12a48674b0a  xsa114-4.3.patch
84dd0770ec89cfa4266487eadb2dc7d48a650fb4245f8961d81b96d24dc7c8b7  xsa114-4.4.patch
Comment 1 Johannes Segitz 2014-11-25 07:45:14 UTC
Created attachment 614835 [details]
Xen 4.2.x
Comment 2 Johannes Segitz 2014-11-25 07:45:32 UTC
Created attachment 614836 [details]
Xen 4.3.x
Comment 3 Johannes Segitz 2014-11-25 07:45:51 UTC
Created attachment 614837 [details]
Xen 4.4.x
Comment 4 Johannes Segitz 2014-11-25 07:46:08 UTC
Created attachment 614838 [details]
Comment 5 Swamp Workflow Management 2014-11-25 23:00:14 UTC
bugbot adjusting priority
Comment 6 Johannes Segitz 2014-11-26 08:19:19 UTC
CVEs got assigned: CVE-2014-9065, CVE-2014-9066
Comment 7 Johannes Segitz 2014-12-08 14:01:12 UTC
Comment 8 Swamp Workflow Management 2015-02-11 14:08:51 UTC
openSUSE-SU-2015:0256-1: An update that solves 11 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 826717,866902,882089,889526,896023,897906,898772,900292,901317,903357,903359,903850,903967,903970,904255,905465,905467,906439,906996,910681
CVE References: CVE-2013-3495,CVE-2014-5146,CVE-2014-5149,CVE-2014-8594,CVE-2014-8595,CVE-2014-8866,CVE-2014-8867,CVE-2014-9030,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361
Sources used:
openSUSE 13.2 (src):    xen-4.4.1_08-9.1
Comment 9 Swamp Workflow Management 2015-02-23 15:54:15 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-03-09.
When done, reassign the bug to security-team@suse.de.
Comment 10 Charles Arnold 2015-03-06 23:17:19 UTC
SLE12: MR#52782
SLE11-SP3: SR#52784
Comment 11 Swamp Workflow Management 2015-03-27 09:06:35 UTC
SUSE-SU-2015:0613-1: An update that solves 8 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 861318,882089,895528,901488,903680,904255,906996,910254,910681,912011,918995,918998,919098,919464,919663
CVE References: CVE-2014-3615,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361,CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2152
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    xen-4.4.1_10-9.1
SUSE Linux Enterprise Server 12 (src):    xen-4.4.1_10-9.1
SUSE Linux Enterprise Desktop 12 (src):    xen-4.4.1_10-9.1
Comment 12 Marcus Meissner 2015-12-08 14:26:36 UTC
wsas released