[v3.0] xen: multiple issues (CVE-2014-3969, CVE-2015-2044, CVE-2015-2045, CVE-2015-2150, CVE-2015-2151, CVE-2015-2152)
Xen Security Advisory 98, 119-123:
Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM
Affected:
Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward
Description and patches: http://xenbits.xen.org/xsa/advisory-98.html

----

Xen Security Advisory 119 (CVE-2015-2152) - HVM qemu unexpectedly enabling emulated VGA graphics backends
Affected:
ARM systems are not vulnerable. PV domains are not vulnerable. Systems
where either SDL or VNC is explicitly enabled in the guest configuration
(e.g. `sdl=1` or `vnc=1` in the guest config file) are not vulnerable.
Systems using qemu-xen-traditional, or systems using qemu-xen where SDL support is built into qemu-xen, are not vulnerable; unless the Xen toolstack code runs in a process environment partially controlled by potential attackers.
x86 systems running HVM domains, configured to disable both SDL and VNC access to the emulated VGA device, may be vulnerable.
Versions of Xen from 4.2 onwards are known to be affected. Older versions have not been inspected.
Description and patches: http://xenbits.xen.org/xsa/advisory-119.html

----

Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests:
Affected:
Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through. Upstream Linux versions 3.1 and onwards are vulnerable due
to supporting PCI backend functionality. Other Linux versions as well as
other OS versions may be vulnerable too.
Any domain which is given access to a non-SR-IOV virtual function PCI Express device can take advantage of this vulnerability.
Description and patches: http://xenbits.xen.org/xsa/advisory-120.html

----

Xen Security Advisory 121 (CVE-2015-2044) - Information leak via internal x86 system device emulation:
Affected:
Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been
inspected.
Only HVM guests can take advantage of this vulnerability.
Only x86 systems are vulnerable. ARM systems are not vulnerable.
Description and patches: http://xenbits.xen.org/xsa/advisory-121.html

----

Xen Security Advisory 122 (CVE-2015-2045) - Information leak through version information hypercall:
Affected:
Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been
inspected.
Description and patches: http://xenbits.xen.org/xsa/advisory-122.html

----

Xen Security Advisory 123 (CVE-2015-2151) - Hypervisor memory corruption due to x86 emulator flaw
Affected:
Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been
inspected.
Description and patches: http://xenbits.xen.org/xsa/advisory-123.html
(from redmine: issue id 4079, created on 2015-04-21, closed on 2017-09-05)
- Relations:
- parent #4076