SecurityTracker.com
Category:   Application (Generic)  >   Xen
Vendors:   Xen Project
Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
SecurityTracker Alert ID:  1034105
SecurityTracker URL:  http://securitytracker.com/id/1034105
CVE Reference:   CVE-2015-5307, CVE-2015-8104
Date:  Nov 10 2015
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.3.x, 4.4.x, 4.5.x, 4.6.x
Description:   Two vulnerabilities were reported in Xen. A local user on the guest system can cause denial of service conditions on the host system.

The processing of benign exceptions may result in an infinite loop in the CPU. A local user on the guest system can exploit this to cause denial of service conditions on the host system.

An alignment check exception may be triggered by a 32-bit guest [CVE-2015-5307].

A debug exception can be triggered [CVE-2015-8104].

ARM is not affected.

x86 PV VMs are not affected.

x86 CPUs from all manufacturers are affected.

Ben Serebrin from Google and Jan Beulich from SUSE reported these vulnerabilities.

Impact:   A local user on the guest system can cause denial of service conditions on the host system.
Solution:   The vendor has issued a fix (xsa156-4.3.patch, xsa156-4.4.patch, xsa156-4.5.patch, and xsa156.patch).

The vendor's advisory is available at:

http://xenbits.xen.org/xsa/advisory-156.html

Vendor URL:  xenbits.xen.org/xsa/advisory-156.html
Cause:   Exception handling error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 10 2015 (Ubuntu Issues Fix for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Ubuntu has issued a fix for the Linux Kernel for Ubuntu Linux 12.04 LTS.
Nov 20 2015 (Citrix Issues Fix for Citrix XenServer) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Citrix has issued a fix for Citrix XenServer.
Dec 10 2015 (Red Hat Issues Fix for the Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Red Hat has issued a fix for the Linux Kernel for Red Hat Enterprise Linux 7.1.
Dec 11 2015 (Oracle Issues Fix for Oracle Linux for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Oracle has issued a fix for the Linux Kernel for Oracle Linux 7.
Dec 14 2015 (Red Hat Issues Fix for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Dec 15 2015 (Red Hat Issues Fix for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Red Hat has issued a fix for the Linux Kernel for Red Hat Enterprise Linux 6.5.
Dec 16 2015 (CentOS Issues Fix for the Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
CentOS has issued a fix for the Linux Kernel for CentOS 6.
Dec 16 2015 (Oracle Issues Fix for the Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Oracle has issued a fix for the Linux Kernel for Oracle Linux 6.
Dec 16 2015 (Red Hat Issues Fix for the Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Red Hat has issued a fix for the Linux Kernel for Red Hat Enterprise Linux 6.
Dec 17 2015 (Ubuntu Issues Fix for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Ubuntu has issued a fix for the Linux Kernel for Ubuntu Linux 12.04 LTS.
Dec 17 2015 (Ubuntu Issues Fix for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Ubuntu has issued a fix for the Linux Kernel for Ubuntu Linux 14.04 LTS.
Dec 22 2015 (Citrix Issues Fix for Citrix XenServer) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Citrix has issued a fix for Citrix XenServer.
Jan 7 2016 (Red Hat Issues Fix) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4.
Jan 19 2016 (Red Hat Issues Fix for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Red Hat has issued a fix for the Linux Kernel for Red Hat Enterprise Linux 6.2.
Jan 20 2016 (Oracle Issues Fix for Oracle VM VirtualBox) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Oracle has issued a fix for Oracle VM VirtualBox.
Feb 3 2016 (Red Hat Issues Fix for Linux Kernel) Xen Exception Handling Bugs Let Local Users on a Guest System Cause Denial of Service Conditions on the Host System
Red Hat has issued a fix for Red Hat Enterprise Linux 7.1.



Copyright 2019, SecurityGlobal.net LLC