SB2018112018 - Fedora 29 update for xen
Published: November 20, 2018 Updated: April 24, 2025
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Denial of service (CVE-ID: CVE-2018-19961)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system. The weakness exists due to insufficient TLB flushing after improper large page mappings with AMD IOMMUs. An adjacent attacker can cause the service to crash.
2) Privilege escalation (CVE-ID: CVE-2018-19962)
The vulnerability allows an adjacent attacker to gain elevated privileges on the target system. The weakness exists on AMD x86 platforms because small IOMMU mappings are unsafely combined into larger ones. An adjacent attacker can gain host OS privileges.
3) Denial of service (CVE-ID: CVE-2018-19965)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system. The weakness exists due to an error when attempting to use INVPCID with non-canonical addresses. An adjacent attacker can cause the service to crash.
4) Denial of service (CVE-ID: CVE-2018-19966)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system. The weakness exists because XSA-240 conflicts with shadow paging. An adjacent attacker can cause the service to crash.
5) Denial of service (CVE-ID: CVE-2018-19963)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system. The weakness exists due to resource accounting issues in x86 IOREQ server handling. An adjacent attacker can cause the service to crash.
6) Denial of service (CVE-ID: CVE-2018-19964)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system. The weakness exists due to incorrect error handling for guest p2m page removals. An adjacent attacker can cause the service to crash.
Remediation
Install the update from the vendor's website.