[kernel-xen] Xen Security Advisory 121 (CVE-2015-2044) - Information leak via internal x86 system device emulation

Steven Haigh netwiz at crc.id.au
Fri Mar 6 10:42:24 AEDT 2015


            Xen Security Advisory CVE-2015-2044 / XSA-121
                              version 3

       Information leak via internal x86 system device emulation

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Emulation routines in the hypervisor dealing with certain system
devices check whether the access size by the guest is a supported one.
When the access size is unsupported these routines failed to set the
data to be returned to the guest for read accesses, so that hypervisor
stack contents are copied into the destination of the operation, thus
becoming visible to the guest.

IMPACT
======

A malicious HVM guest might be able to read sensitive data relating
to other guests.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

Only HVM guests can take advantage of this vulnerability.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

MITIGATION
==========

Running only PV guests will avoid this issue.

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Update to xen-4.2.5-10, xen-4.4.1-10 or xen-4.5.0-0.3
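
The bug class in the issue description above, as an added example (not code from the advisory or from Xen): a read handler that rejects an unsupported access size without writing its output parameter, next to a form that defines the output on every path. The handler names, the device register, the all-ones fill value and the STALE_STACK marker are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed marker standing in for leftover hypervisor stack contents. */
#define STALE_STACK 0xDEADBEEFu

/* Hypothetical one-byte device register; only 1-byte reads are supported. */
static const uint32_t dev_reg = 0x5A;

typedef int (*read_handler)(unsigned int bytes, uint32_t *val);

/* Before: the size check rejects the access but never writes *val. */
static int dev_read_before(unsigned int bytes, uint32_t *val)
{
    if (bytes != 1)
        return 1;               /* reported as handled, *val untouched */
    *val = dev_reg;
    return 1;
}

/* After: every path that reports the read as handled defines *val. */
static int dev_read_after(unsigned int bytes, uint32_t *val)
{
    if (bytes != 1) {
        *val = ~0u;             /* assumed convention: all-ones for a bad size */
        return 1;
    }
    *val = dev_reg;
    return 1;
}

/* Models the dispatch path: a stack local receives the result and is then
 * copied to the guest. In the real bug the local is simply uninitialised;
 * it is pre-filled here so the outcome is deterministic. */
static uint32_t guest_read(read_handler h, unsigned int bytes)
{
    uint32_t data = STALE_STACK;
    h(bytes, &data);
    return data;                /* value the guest ends up seeing */
}

int main(void)
{
    printf("before, 4-byte read: %#x\n", (unsigned)guest_read(dev_read_before, 4));
    printf("after,  4-byte read: %#x\n", (unsigned)guest_read(dev_read_after, 4));
    printf("after,  1-byte read: %#x\n", (unsigned)guest_read(dev_read_after, 1));
    return 0;
}
```

When reviewing emulation handlers for this pattern, check every early return on the read path for an assignment to the output parameter; compiler uninitialised-variable warnings usually miss it because the variable is passed by pointer.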
