[kernel-xen] Xen Security Advisory 122 (CVE-2015-2045) - Information leak through version information hypercall

Steven Haigh netwiz at crc.id.au
Fri Mar 6 10:43:03 AEDT 2015


            Xen Security Advisory CVE-2015-2045 / XSA-122
                              version 3

         Information leak through version information hypercall

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The code handling certain sub-operations of the HYPERVISOR_xen_version
hypercall fails to fully initialize all fields of structures
subsequently copied back to guest memory. Due to this, hypervisor stack
contents are copied into the destination of the operation, thus
becoming visible to the guest.

IMPACT
======

A malicious guest might be able to read sensitive data relating to
other guests.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

MITIGATION
==========

There is no mitigation available for this issue.

CREDITS
=======

This issue was discovered by Aaron Adams of NCC Group.

RESOLUTION
==========

Update to xen-4.2.5-10, xen-4.4.1-10 or xen-4.5.0-0.3
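
The failure mode described under ISSUE DESCRIPTION, modelled in user-space C as an added example (not part of the advisory and not Xen's code). The structure `ver_reply`, the handler names and the 0xAA marker that stands in for leftover stack contents are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define VER_LEN 16   /* hypothetical fixed-size reply field */
#define STALE   0xAA /* constructed marker standing in for old stack data */

/* Hypothetical reply structure; the whole of it is copied to the caller. */
struct ver_reply { char extra[VER_LEN]; };

/* Bounded copy: NUL-terminates but leaves the rest of dst untouched. */
static void bounded_strcpy(char *dst, const char *src, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
}

/* Vulnerable pattern: only the string bytes are written before copy-out. */
static void handle_vulnerable(struct ver_reply *slot, const char *ver, void *guest)
{
    bounded_strcpy(slot->extra, ver, sizeof(slot->extra));
    memcpy(guest, slot, sizeof(*slot)); /* stand-in for the copy to guest memory */
}

/* Hardened pattern: clear the whole structure before filling any field. */
static void handle_fixed(struct ver_reply *slot, const char *ver, void *guest)
{
    memset(slot, 0, sizeof(*slot));
    bounded_strcpy(slot->extra, ver, sizeof(slot->extra));
    memcpy(guest, slot, sizeof(*slot));
}

/* Run one handler on a slot pre-filled with STALE; count marker bytes copied out. */
size_t leaked_bytes(int use_fixed)
{
    struct ver_reply slot;
    unsigned char guest[sizeof(slot)] = {0};
    size_t i, n = 0;
    memset(&slot, STALE, sizeof(slot)); /* models leftover stack contents */
    (use_fixed ? handle_fixed : handle_vulnerable)(&slot, ".1", guest);
    for (i = 0; i < sizeof(guest); i++)
        n += (guest[i] == STALE);
    return n;
}

int main(void)
{
    printf("vulnerable: %zu stale bytes, fixed: %zu\n", leaked_bytes(0), leaked_bytes(1));
}
```

The slot is pre-filled explicitly so the result is deterministic; in a real handler the structure would be an uninitialized local and the bytes after the terminator would be whatever the stack last held.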
