Bug 1047275 – VUL-0: CVE-2017-10919: Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OSusers to cause a denial of service (hypervisor crash), aka XSA-223.

Bug 1047275 - (CVE-2017-10919) VUL-0: CVE-2017-10919: Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OSusers to cause a denial of service (hypervisor crash), aka XSA-223.

(CVE-2017-10919)
Summary:	VUL-0: CVE-2017-10919: Xen through 4.8.x mishandles virtual interrupt injecti...

Status:	RESOLVED UPSTREAM

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/187841/
Whiteboard:	CVSSv3:RedHat:CVE-2017-10919:7.7:(AV...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-07-05 06:26 UTC by Marcus Meissner
Modified:	2017-10-18 15:21 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2017-07-05 06:26:47 UTC

CVE-2017-10919

                    Xen Security Advisory XSA-223
                              version 2

              ARM guest disabling interrupt may crash Xen

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

Virtual interrupt injection could be triggered by a guest when sending
an SGI (e.g IPI) to any vCPU or by configuring timers. When the virtual
interrupt is masked, a missing check in the injection path may result in
reading invalid hardware register or crashing the host.

IMPACT
======

A guest may cause a hypervisor crash, resulting in a Denial of Service
(DoS).

VULNERABLE SYSTEMS
==================

All Xen versions which support ARM are affected.

x86 systems are not affected.

MITIGATION
==========

On systems where the guest kernel is controlled by the host rather than
guest administrator, running only kernels which do not disable SGI and
PPI (i.e IRQ < 32) will prevent untrusted guest users from exploiting
this issue. However untrusted guest administrators can still trigger it
unless further steps are taken to prevent them from loading code into
the kernel (e.g by disabling loadable modules etc) or from using other
mechanisms which allow them to run code at kernel privilege.

CREDITS
=======

This issue was discovered by Julien Grall of ARM.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10919
https://xenbits.xen.org/xsa/advisory-223.html

Comment 1 Marcus Meissner 2017-07-05 06:27:12 UTC

we do not ship XEN on arm.