xen: long latency virtual-mmu operations are not preemptible (CVE-2014-5146 CVE-2014-5149 / XSA-97)
Some MMU virtualization operations on HVM guests must process every page assigned to a guest. For larger guests, this can tie up a vcpu for a significant amount of time, as the operations are not preemptible.
For guests using Hardware Assisted Paging (HAP, see below) this is CVE-2014-5146. For guests not using HAP this is CVE-2014-5149.
All x86 Xen versions are vulnerable. The vulnerability is only exposed to HVM guests. In the default configuration, the vulnerability is only exposed to large guests (guests assigned more than 128Gbytes of memory).
References:
CONFIRM and PATCHES: http://seclists.org/oss-sec/2014/q3/350
(from redmine: issue id 3290, created on 2014-08-15, closed on 2014-08-26)
- Relations:
  - child #3291 (closed)
  - child #3292 (closed)
  - child #3293 (closed)
  - child #3294 (closed)
- Changesets:
  - Revision deffb3e9 by Natanael Copa on 2014-08-25T13:10:07Z:
    main/xen: security fix for XSA-97 (CVE-2014-5146,CVE-2014-5149)
    ref #3290
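
The exposure condition in the description (HVM guest, more than 128 Gbytes assigned, default configuration) can be checked against guest definitions. The following is an added example, not part of the original issue or the Xen advisory; it assumes guests are defined in xl.cfg-style files using the `builder`/`type`, `memory` and `maxmem` keys, reads 128 Gbytes as 128 GiB, and uses constructed sample configs. It does not tell you whether the host is already patched.

```python
import re

# Threshold from the description: guests assigned more than 128 Gbytes.
# Assumption: read as 128 GiB; xl.cfg expresses memory in MiB.
LARGE_GUEST_MIB = 128 * 1024
_ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')

# Constructed sample guest configs (not taken from the issue).
SAMPLE_LARGE_HVM = 'name = "db01"  # big guest\nbuilder = "hvm"\nmemory = 196608\n'
SAMPLE_SMALL_HVM = 'name = "web01"\ntype = "hvm"\nmemory = 8192\nmaxmem = 16384\n'
SAMPLE_LARGE_PV = 'name = "pv01"\nkernel = "/boot/vmlinuz"\nmemory = 262144\n'

def parse_xl_cfg(text):
    """Collect key = value pairs; list values are kept as raw strings."""
    cfg = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0]  # drop comments (assumes no '#' in values)
        m = _ASSIGN.match(line)
        if m:
            cfg[m.group(1)] = m.group(2).strip('"\'')
    return cfg

def is_hvm(cfg):
    # Older configs select HVM with builder="hvm", newer ones with type="hvm".
    return 'hvm' in (cfg.get('builder', '').lower(), cfg.get('type', '').lower())

def assigned_mib(cfg):
    # Take the larger of memory/maxmem: the guest can balloon up to maxmem.
    values = []
    for key in ('memory', 'maxmem'):
        try:
            values.append(int(cfg[key]))
        except (KeyError, ValueError):
            pass
    return max(values, default=0)

def xsa97_exposure(text):
    """Classify one guest config against the default-configuration condition."""
    cfg = parse_xl_cfg(text)
    if not is_hvm(cfg):
        return 'not-hvm'
    if assigned_mib(cfg) > LARGE_GUEST_MIB:
        return 'exposed-default-config'
    return 'hvm-below-threshold'

if __name__ == '__main__':
    for sample in (SAMPLE_LARGE_HVM, SAMPLE_SMALL_HVM, SAMPLE_LARGE_PV):
        print(parse_xl_cfg(sample).get('name'), xsa97_exposure(sample))
```

The `hvm-below-threshold` result only reflects the default configuration named in the description; a host with non-default settings needs the advisory's own criteria.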