SB2015010901 - SUSE Linux update for xen
Published: January 9, 2015
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-3495)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).
2) Resource management error (CVE-ID: CVE-2014-5146)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guests to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest. This is a different vulnerability than CVE-2014-5149.
3) Resource management error (CVE-ID: CVE-2014-5149)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guests to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest. This is a different vulnerability than CVE-2014-5146.
4) NULL pointer dereference (CVE-ID: CVE-2014-8594)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).
5) Input validation error (CVE-ID: CVE-2014-8595)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
6) Input validation error (CVE-ID: CVE-2014-8866)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
7) Input validation error (CVE-ID: CVE-2014-8867)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks proper bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
8) Input validation error (CVE-ID: CVE-2014-9030)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
Remediation
Install the update from the vendor's website.