
SUSE-SU-2015:0940-1

Published: 22 Nov 2012
Source: suse-cvrf

Description

Security update for Xen

This update fixes the following security issues in Xen:

* CVE-2012-5510: Grant table version switch list corruption vulnerability (XSA-26)
* CVE-2012-5511: Several HVM operations do not validate the range of their inputs (XSA-27)
* CVE-2012-5513: XENMEM_exchange may overwrite hypervisor memory (XSA-29)
* CVE-2012-5514: Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30)
* CVE-2012-5515: Several memory hypercall operations allow invalid extent order values (XSA-31)

Also the following fix has been applied:

* bnc#777628 - guest 'disappears' after live migration Updated block-dmmd script

Security Issues references:

* CVE-2012-5513 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513>
* CVE-2012-5514 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514>
* CVE-2012-5511 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511>
* CVE-2012-5510 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510>
* CVE-2012-5515 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515>

Package list

SUSE Linux Enterprise Server 11 SP1-LTSS
xen-4.0.3_21548_12-0.3.1
xen-doc-html-4.0.3_21548_12-0.3.1
xen-doc-pdf-4.0.3_21548_12-0.3.1
xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1
xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1
xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1
xen-libs-4.0.3_21548_12-0.3.1
xen-tools-4.0.3_21548_12-0.3.1
xen-tools-domU-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-TERADATA
xen-4.0.3_21548_12-0.3.1
xen-doc-html-4.0.3_21548_12-0.3.1
xen-doc-pdf-4.0.3_21548_12-0.3.1
xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1
xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.19-0.21.1
xen-kmp-trace-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1
xen-libs-4.0.3_21548_12-0.3.1
xen-tools-4.0.3_21548_12-0.3.1
xen-tools-domU-4.0.3_21548_12-0.3.1

Description

Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks proper bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References

Description

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.


Affected products
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-html-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-doc-pdf-4.0.3_21548_12-0.3.1
SUSE Linux Enterprise Server 11 SP1-LTSS:xen-kmp-default-4.0.3_21548_12_2.6.32.54_0.11.TDC-0.3.1

References