SB2015060303 - Multiple vulnerabilities in Xen
Published: June 3, 2015 Updated: August 9, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2015-4164)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
2) Input validation error (CVE-ID: CVE-2015-4163)
The vulnerability allows local guest domains to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
3) Resource management error (CVE-ID: CVE-2015-4105)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-4104)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-4103)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
- http://support.citrix.com/article/CTX201145
- http://www.debian.org/security/2015/dsa-3286
- http://www.securityfocus.com/bid/75149
- http://www.securitytracker.com/id/1032569
- http://xenbits.xen.org/xsa/advisory-136.html
- https://security.gentoo.org/glsa/201604-03
- http://www.securityfocus.com/bid/75141
- http://www.securitytracker.com/id/1032568
- http://xenbits.xen.org/xsa/advisory-134.html
- https://support.citrix.com/article/CTX206006
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
- http://www.debian.org/security/2015/dsa-3284
- http://www.securityfocus.com/bid/74948
- http://www.securitytracker.com/id/1032465
- http://www.ubuntu.com/usn/USN-2630-1
- http://xenbits.xen.org/xsa/advisory-130.html
- http://www.securityfocus.com/bid/74950
- http://www.securitytracker.com/id/1032464
- http://xenbits.xen.org/xsa/advisory-129.html
- http://www.securityfocus.com/bid/74947
- http://www.securitytracker.com/id/1032456
- http://xenbits.xen.org/xsa/advisory-128.html