[v2.5] xen CVE-2013-2078 Hypervisor crash due to missing exception recovery on XSETBV
reference:
http://www.openwall.com/lists/oss-security/2013/06/03/3
ISSUE DESCRIPTION
Processors do certain validity checks on the register values passed to
XSETBV. For the PV emulation path for that instruction the hypervisor
code didn’t check for certain invalid bit combinations, thus exposing
itself to a fault occurring when invoking that instruction on behalf
of the guest.
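A validity check of the kind the description says was missing, as an added example (not the code in xsa54.patch and not Xen's own source). The helper name and its parameters are hypothetical; the rules are the architectural #GP conditions for XSETBV, and only the x87, SSE and AVX state components are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* XCR0 state-component bits as defined by the architecture. */
#define XSTATE_FP  (1ULL << 0) /* x87 state: must always stay set */
#define XSTATE_SSE (1ULL << 1) /* XMM registers */
#define XSTATE_YMM (1ULL << 2) /* AVX upper halves: requires SSE */
#define XSTATE_MODELLED (XSTATE_FP | XSTATE_SSE | XSTATE_YMM)

/*
 * Hypothetical helper (name and signature are assumptions of this example).
 * index     - guest ECX, selects the extended control register
 * value     - guest EDX:EAX, the new register contents
 * supported - host feature mask from CPUID leaf 0xD, sub-leaf 0 (EDX:EAX)
 * Returns true only if the CPU would accept the write without raising #GP.
 */
bool xsetbv_operands_valid(uint32_t index, uint64_t value, uint64_t supported)
{
    if (index != 0)                             /* only XCR0 exists */
        return false;
    if (value & ~(supported & XSTATE_MODELLED)) /* reserved or unsupported bit */
        return false;
    if (!(value & XSTATE_FP))                   /* x87 bit may not be cleared */
        return false;
    if ((value & XSTATE_YMM) && !(value & XSTATE_SSE))
        return false;                           /* AVX without SSE */
    return true;
}

int main(void)
{
    /* Constructed sample inputs; host mask assumed to be x87|SSE|AVX. */
    const uint64_t host = XSTATE_MODELLED;
    const uint64_t samples[] = { 0x1, 0x3, 0x7, 0x0, 0x5, 0x8 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("XCR0=%#llx -> %s\n", (unsigned long long)samples[i],
               xsetbv_operands_valid(0, samples[i], host)
                   ? "execute XSETBV" : "inject #GP into guest");
    return 0;
}
```

An emulation path that gets false back delivers the fault to the guest instead of executing the instruction in hypervisor context.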
IMPACT
Malicious or buggy unprivileged user space can cause the entire host
to crash.
VULNERABLE SYSTEMS
Xen 4.0 and onwards are vulnerable when run on systems with processors
supporting XSAVE. Only PV guests can exploit the vulnerability.
In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is
disabled by default; therefore systems running these versions are not
vulnerable unless support is explicitly enabled using the “xsave”
hypervisor command line option.
Systems using processors not supporting XSAVE are not vulnerable.
Xen 3.x and earlier are not vulnerable.
MITIGATION
Turning off XSAVE support via the “no-xsave” hypervisor command line
option will avoid the vulnerability.
RESOLUTION
Applying the attached patch resolves this issue.
xsa54.patch        Xen 4.1.x, Xen 4.2.x, xen-unstable
$ sha256sum xsa54-*.patch
5d94946b3c9cba52aae2bffd4b0ebb11d09181650b5322a3c85170674a05f6b7  xsa54.patch
$
(from redmine: issue id 2056, created on 2013-06-03, closed on 2013-06-06)
- Relations:
- parent #2054 (closed)
- Changesets:
- Revision e466dbbf by Natanael Copa on 2013-06-05T15:04:11Z:
main/xen: security fixes (CVE-2013-2076,CVE-2013-2077,CVE-2013-2078)
ref #2044
ref #2049
ref #2054
fixes #2046
fixes #2051
fixes #2056
(cherry picked from commit f6e99451d47fbe7cdb852f48dd11006808db52ae)
Conflicts:
main/xen/APKBUILD