xen: multiple issues (CVE-2014-2599, CVE-2014-3124, CVE-2014-3967, CVE-2014-3968, CVE-2014-4021, CVE-2014-7188)
The following critical vulnerabilities have been fixed in new version of
xen (4.2.5 and 4.3.3):
•CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
•CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries
to be created
•CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI
injection
•CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
Also a new vulnerability CVE-2014-7188 have not been fixed in an
official release, however a patch is already enabled:
•CVE-2014-7188: Improper MSR range used for x2APIC emulation.
The patch could be found by the link below.
References:
FIXES in 4.2.5:
http://xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-425.html
FIXES in 4.3.3:
http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-433.html
PATCH: http://xenbits.xen.org/xsa/advisory-108.html
(from redmine: issue id 3412, created on 2014-10-02, closed on 2014-10-23)
- Relations:
- child #3413 (closed)
- child #3414 (closed)
- child #3415 (closed)
- child #3416 (closed)
- Changesets:
- Revision 60ab8e12 by Natanael Copa on 2014-10-02T16:40:34Z:
main/xen: upgrade to 4.3.3 and fix CVE-2014-7188
The following critical vulnerabilities have been fixed:
- CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
- CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries
to be created
- CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
- CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
Also add patch for xsa108:
- CVE-2014-7188: Improper MSR range used for x2APIC emulation.
ref #3412
- Revision 9cba7900 by Natanael Copa on 2014-10-23T11:48:32Z:
main/xen: security upgrade to 4.2.5 and patches
The 4.2.5 release fixes:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
In addition we add patches for:
CVE-2014-7154 / XSA-104 Race condition in HVMOP_track_dirty_vram
CVE-2014-7155 / XSA-105 Missing privilege level checks in x86 HLT, LGDT,
LIDT, and LMSW emulation
CVE-2014-7156 / XSA-106 Missing privilege level checks in x86 emulation of
software interrupts
CVE-2014-7188 / XSA-108 Improper MSR range used for x2APIC emulation
fixes #3412
fixes #3457