[kernel-xen] Xen Security Advisory 63 (CVE-2013-4355) - Information leaks through I/O instruction emulation

Steven Haigh netwiz at crc.id.au
Mon Sep 30 22:12:05 EST 2013


              Xen Security Advisory CVE-2013-4355 / XSA-63
                             version 3

         Information leaks through I/O instruction emulation

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Insufficient or missing error handling in certain routines dealing
with guest memory reads can lead to uninitialized data on the
hypervisor stack (potentially containing sensitive data from prior
work the hypervisor performed) being copied to guest visible storage.

This allows a malicious HVM guest to craft certain operations (namely,
but not limited to, port or memory mapped I/O writes) involving
physical or virtual addresses that have no actual memory associated
with them, so that hypervisor stack contents are copied into the
destination of the operation, thus becoming visible to the guest.
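As an added illustration of the bug class the advisory describes (not Xen's code, and a hypothetical model only), the buggy and corrected forms of an emulation routine that reads from guest memory before writing to a guest-visible destination; `read_guest`, `BACKED_GPA` and the `RESIDUE` marker are constructed for this example, and the residue marker stands in for stale hypervisor stack contents.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of the XSA-63 bug class, not Xen's code. Guest memory is a
 * single constructed page at BACKED_GPA; every other address has no memory. */
#define PAGE_SIZE 4096u
#define BACKED_GPA 0x1000u
#define RESIDUE 0xAB /* stands in for stale data left on the hypervisor stack */
static uint8_t backed_page[PAGE_SIZE];

/* Returns the number of bytes NOT copied, 0 on success (copy_from_guest style). */
static size_t read_guest(uint64_t gpa, void *dst, size_t len) {
    if (gpa >= BACKED_GPA && gpa + len <= BACKED_GPA + PAGE_SIZE) {
        memcpy(dst, backed_page + (gpa - BACKED_GPA), len);
        return 0;
    }
    return len; /* unmapped address: dst is left untouched */
}

/* Buggy emulation: the read's result is ignored, so when the source has no
 * memory the stale stack buffer is still copied to guest-visible storage. */
static void emulate_write_buggy(uint64_t src_gpa, uint8_t *dest, size_t len) {
    uint8_t buf[16];
    if (len > sizeof buf) return;
    memset(buf, RESIDUE, sizeof buf); /* deterministic stand-in for an uninitialized stack buffer */
    read_guest(src_gpa, buf, len);    /* return value dropped: the pattern behind XSA-63 */
    memcpy(dest, buf, len);
}

/* Fixed emulation: check the read, fail the operation, and never copy a
 * buffer whose contents did not come from the guest. */
static bool emulate_write_fixed(uint64_t src_gpa, uint8_t *dest, size_t len) {
    uint8_t buf[16] = {0};
    if (len > sizeof buf || read_guest(src_gpa, buf, len) != 0)
        return false; /* a real hypervisor would inject a fault into the guest here */
    memcpy(dest, buf, len);
    return true;
}

/* Emulate a 4-byte write sourced from an address with no memory behind it and
 * count how many residue bytes reached the destination. */
static int residue_bytes_leaked(bool use_fixed) {
    uint8_t dest[4] = {0};
    int n = 0;
    if (use_fixed) emulate_write_fixed(0x9000u, dest, sizeof dest);
    else           emulate_write_buggy(0x9000u, dest, sizeof dest);
    for (size_t i = 0; i < sizeof dest; i++) n += (dest[i] == RESIDUE);
    return n;
}
```

With the buggy routine all four destination bytes carry the residue marker; with the checked routine none do, and the operation is refused instead.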

IMPACT
======

A malicious HVM guest might be able to read sensitive data relating
to other guests.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

Only HVM guests can take advantage of this vulnerability.

MITIGATION
==========

Running only PV guests will avoid this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper & Tim Deegan.

RESOLUTION
==========

Fixed in xen-4.2.3-2.el6
