Bugzilla – Bug 910681
VUL-0: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown
Last modified: 2016-12-02 23:25:59 UTC
CRD: 2015-01-06 12:00 UTC Xen Security Advisory CVE-2015-0361 / XSA-116 version 2 xen crash due to use after free on hvm guest teardown *** EMBARGOED UNTIL 2015-01-06 12:00 UTC *** UPDATES IN VERSION 2 ==================== CVE assigned. ISSUE DESCRIPTION ================= Certain data accessible (via hypercalls) by the domain controlling the execution of a HVM domain is being freed prematurely, leading to the respective memory regions to possibly be read from and written to in ways unexpected by their new owner(s). IMPACT ====== Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack which, if successful, can affect the whole system. Only domains controlling HVM guests can exploit this vulnerability. (This includes domains providing hardware emulation services to HVM guests.) VULNERABLE SYSTEMS ================== Xen versions from 4.2 onwards are vulnerable on x86 systems. ARM systems are not vulnerable. This vulnerability is only applicable to Xen systems using stub domains or other forms of disaggregation of control domains for HVM guests. MITIGATION ========== Running only PV guests will avoid this issue. (The security of a Xen system using stub domains is still better than with a qemu-dm running as an unrestricted dom0 process. Therefore users with these configurations should not switch to an unrestricted dom0 qemu-dm.) RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa116.patch xen-unstable, Xen 4.4.x xsa116-4.3-4.2.patch Xen 4.3.x, Xen 4.2.x $ sha256sum xsa116*.patch 2c8fac98afc3a1bf53b57ba8db09c962eb2b3c4a03e1aad66ae3ed108c6b9d4c xsa116.patch 4f961f5f30a75ff312e5d62d7ccd3fcff4e4b179538fb3d10797d8026512ba36 xsa116-4.3-4.2.patch $
Created attachment 617868 [details] xsa116.patch
Created attachment 617869 [details] xsa116-4.3-4.2.patch
bugbot adjusting priority
public
openSUSE-SU-2015:0226-1: An update that solves 11 vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 826717,866902,882089,889526,900292,901317,903357,903359,903850,903967,903970,905465,905467,906439,906996,910681 CVE References: CVE-2013-3495,CVE-2014-5146,CVE-2014-5149,CVE-2014-8594,CVE-2014-8595,CVE-2014-8866,CVE-2014-8867,CVE-2014-9030,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361 Sources used: openSUSE 13.1 (src): xen-4.3.3_04-34.1
openSUSE-SU-2015:0256-1: An update that solves 11 vulnerabilities and has 9 fixes is now available. Category: security (important) Bug References: 826717,866902,882089,889526,896023,897906,898772,900292,901317,903357,903359,903850,903967,903970,904255,905465,905467,906439,906996,910681 CVE References: CVE-2013-3495,CVE-2014-5146,CVE-2014-5149,CVE-2014-8594,CVE-2014-8595,CVE-2014-8866,CVE-2014-8867,CVE-2014-9030,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361 Sources used: openSUSE 13.2 (src): xen-4.4.1_08-9.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-03-09. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60766
SLE11-SP3: SR#52784 (already released for SLE12)
SUSE-SU-2015:0613-1: An update that solves 8 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 861318,882089,895528,901488,903680,904255,906996,910254,910681,912011,918995,918998,919098,919464,919663 CVE References: CVE-2014-3615,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361,CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2152 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.1_10-9.1 SUSE Linux Enterprise Server 12 (src): xen-4.4.1_10-9.1 SUSE Linux Enterprise Desktop 12 (src): xen-4.4.1_10-9.1
released