[v2.5] xen: one more issue pack (CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188)
CVE-2014-7154 / XSA-104: Race condition in HVMOP_track_dirty_vram
VULNERABLE SYSTEMS: Xen versions from 4.0.0 onwards are vulnerable. This vulnerability is only applicable to Xen systems using stub domains or other forms of disaggregation of control domains for HVM guests.
RESOLUTION: Applying patch xsa104.patch (xen-unstable, Xen 4.4.x, Xen
4.3.x, Xen 4.2.x) resolves this issue. You can find the patch by the
link below.
http://seclists.org/oss-sec/2014/q3/att-635/xsa104.patch
CVE-2014-7155 / XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
VULNERABLE SYSTEMS: Xen versions from at least 3.2.x onwards are vulnerable. Older versions have not been inspected. Only user processes in HVM guests can take advantage of this vulnerability.
RESOLUTION: Applying patch xsa105.patch resolves this issue
(xen-unstable, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x). You can find the patch
by the link below.
http://seclists.org/oss-sec/2014/q3/att-637/xsa105.patch
CVE-2014-7156 / XSA-106: Missing privilege level checks in x86 emulation of software interrupts
VULNERABLE SYSTEMS: Xen versions from 3.3 onwards are vulnerable. Only user processes in HVM guests can take advantage of this vulnerability.
RESOLUTION: Applying patch xsa106.patch resolves this issue
(xen-unstable, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x). You can find the patch
by the link below.
http://seclists.org/oss-sec/2014/q3/att-636/xsa106.patch
CVE-2014-7188 / XSA-108: Improper MSR range used for x2APIC emulation
VULNERABLE SYSTEMS: Xen 4.1 and onward are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable.
RESOLUTION: Applying patch xsa108.patch (xen-unstable, Xen 4.4.x, Xen
4.3.x, Xen 4.2.x) resolves this issue. You can find the patch by the
link below.
http://seclists.org/oss-sec/2014/q4/att-7/xsa108.patch
References:
http://seclists.org/oss-sec/2014/q3/635
http://seclists.org/oss-sec/2014/q3/637
http://seclists.org/oss-sec/2014/q3/636
http://seclists.org/oss-sec/2014/q4/7
(from redmine: issue id 3457, created on 2014-10-17, closed on 2014-10-23)
- Relations:
- parent #3456 (closed)
- Changesets:
- Revision 9cba7900 by Natanael Copa on 2014-10-23T11:48:32Z:
main/xen: security upgrade to 4.2.5 and patches
The 4.2.5 release fixes:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
In addition we add patches for:
CVE-2014-7154 / XSA-104 Race condition in HVMOP_track_dirty_vram
CVE-2014-7155 / XSA-105 Missing privilege level checks in x86 HLT, LGDT,
LIDT, and LMSW emulation
CVE-2014-7156 / XSA-106 Missing privilege level checks in x86 emulation of
software interrupts
CVE-2014-7188 / XSA-108 Improper MSR range used for x2APIC emulation
fixes #3412
fixes #3457