SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Xen Vendors:   Xen Project
Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems
SecurityTracker Alert ID:  1031806
SecurityTracker URL:  http://securitytracker.com/id/1031806
CVE Reference:   CVE-2015-2044, CVE-2015-2045, CVE-2015-2150, CVE-2015-2151, CVE-2015-2152, CVE-2015-8553   (Links to External Site)
Updated:  Apr 14 2016
Original Entry Date:  Feb 27 2015
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in Xen. A local user on a guest system can access potentially sensitive information from the hypervisor. A local user on a guest system can cause the host system to crash. A local user with limited privileges on the guest system may be able to access an SDL or VNC backend on the target guest system.

Some internal x86 system device emulation routines in the hypervisor do not properly set data to be returned in response to a call from the guest and may contain hypervisor stack contents [CVE-2015-2044; See separate Alert ID 1031836].

The HYPERVISOR_xen_version hypercall does not properly initialize data structures to be returned in response to a call from the guest and may contain hypervisor stack contents [CVE-2015-2045; See separate Alert ID 1031837].

A local user on a guest domain can cause a PCI Express device to issue Unsupported Request (UR) responses, which may cause the host to crash [CVE-2015-2150; See separate Alert ID 1031902].

A local user on a guest system can exploit an x86 emulation flaw to trigger a pointer corruption and read potentially sensitive information about other guest systems or cause the host system to crash [CVE-2015-2151; See separate Alert ID 1031903].

A local user with limited privileges on the guest system can exploit an emulated VGA device flaw to access an SDL or VNC backend on the target guest system without permission [CVE-2015-2152; See separate Alert ID 1031919].

A local user on a guest domain can obtain potentially sensitive information from uninitialized portions of host kernel memory [CVE-2015-8553].

[Editor's note: In February 2015, the vendor pre-released advisories XSA-119 through XSA-123 under embargo. On March 5, 2015, the vendor publicly released advisories XSA-121 and XSA-122. On March 10, 2015, the vendor publicly released advisories XSA-120 and XSA-123. On March 12, 2015, the vendor publicly released advisory XSA-119.]

Impact:   A local user on a guest system can access potentially sensitive information from the hypervisor, including information from other guests.

A local user on a guest system can cause the host system to crash.

A local user with limited privileges on the guest system may be able to access an SDL or VNC backend on the target guest system without permission.

Solution:   The vendor has developed a fix.

On March 5, 2015, the vendor publicly released two advisories, available at:

http://xenbits.xen.org/xsa/advisory-121.html
http://xenbits.xen.org/xsa/advisory-122.html

On March 10, 2015, the vendor publicly released two advisories, available at:

http://xenbits.xen.org/xsa/advisory-120.html
http://xenbits.xen.org/xsa/advisory-123.html

[Editor's note: On March 31, 2015, the vendor released revised patches for CVE-2015-2150 because the original patch for CVE-2015-2150 (XSA-120) was incomplete.]

On March 12, 2015, the vendor publicly released the final advisory, available at:

http://xenbits.xen.org/xsa/advisory-119.html

Vendor URL:  www.xen.org/ (Links to External Site)
Cause:   Access control error, Not specified
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 13 2015 (Citrix Issues Fix for Citrix XenServer) Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems
Citrix has issued a fix for Citrix XenServer 6.0.0, 6.0.2, 6.1, 6.2 SP1, and 6.5.
Jun 12 2015 (Ubuntu Issues Fix for Linux) Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems
Ubuntu issued an advisory for Linux on Ubuntu 12.04 LTS.
Mar 15 2016 (Red Hat Issues Fix for Linux Kernel) Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems
Red Hat has issued a fix for Linux Kernel for Red Hat Enterprise Linux 5.
Mar 17 2016 (Oracle Issues Fix for Oracle Linux) Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems
Oracle has issued a fix for Oracle Linux 5.
Mar 17 2016 (CentOS Issues Fix for Linux Kernel) Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems
CentOS has issued a fix for CentOS 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC