Difference between revisions of "Security Announcements (Historical)"

From Xen
(XSA-36 through XSA-43)
(Historical Advisories up to XSA-57)
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
The following security advisories have been made in accordance with the [http://www.xen.org/projects/security_vulnerability_process.html xen.org security problem response process].
+
Security advisories are made available in accordance with the [http://www.xenproject.org/security-policy.html Xen security problem response process].
  +
{{Niceline}}
  +
{{Trailbox|Essential Information|
  +
|{{Trail|List of vulnerabilities|
  +
* <em>Newer than</em> XSA 25 : [http://xenbits.xen.org/xsa/ xenbits.xen.org/xsa]
  +
* <em>Older than</em> XSA 25 : [[#hist|Historical Advisories]]
  +
‎An automatically generated list of security advisories is available at [http://xenbits.xen.org/xsa/ xenbits.xen.org/xsa]. }}
  +
|{{Trail|Disclosing Vulnerabilities|
  +
Please contact [mailto:security@xenproject.org security@xenproject.org] if you wish to <em>disclose</em> a security vulnerability.
  +
}}
  +
|{{Trail|Timely Notifications|
  +
In order to <em>get timely notification</em> of security vulnerabilities you should [http://lists.xenproject.org subscribe] to the (low volume) [http://lists.xenproject.org/mailman/listinfo/xen-announce xen-announce] mailing list or.
  +
<hr>
  +
If you are eligible, request access to the pre-disclosure list (see the [http://www.xenproject.org/security-policy.html Xen security problem response process] for more information).
  +
}}
  +
|{{Trail|Security Updates to Xen|
  +
See [[Xen Maintenance Releases]] for information relating to stable branch maintenance.
  +
}}
  +
}}
  +
__TOC__
  +
{{Anchor|hist}}
  +
= Historical Advisories up to XSA-25 =
   
  +
The list below contains only historical information on advisories up to XSA-25.
Please contact [mailto:security@xen.org security@xen.org] if you wish to disclose a security vulnerability.
 
 
See [[Xen Maintenance Releases]] for information relating to stable branch maintenance.
 
   
= XSA-1 Host crash due to failure to correctly validate PV kernel execution state. =
+
== XSA-1 Host crash due to failure to correctly validate PV kernel execution state. ==
   
 
; Date
 
; Date
Line 19: Line 38:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/ee088a0b5cb8 21461:ee088a0b5cb8]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/ee088a0b5cb8 21461:ee088a0b5cb8]
   
= XSA-2 PV kernel validation vulnerabilities =
+
== XSA-2 PV kernel validation vulnerabilities ==
   
 
; Date
 
; Date
Line 32: Line 51:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/c2adc059e931 21482:c2adc059e931]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/c2adc059e931 21482:c2adc059e931]
   
= XSA-3 VT-d (PCI passthrough) MSI =
+
== XSA-3 VT-d (PCI passthrough) MSI ==
   
 
; Date
 
; Date
Line 45: Line 64:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/b85a9e58ec3a 21485:b85a9e58ec3a]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/b85a9e58ec3a 21485:b85a9e58ec3a]
   
= XSA-4 Xen 3.3 vaddr validation =
+
== XSA-4 Xen 3.3 vaddr validation ==
   
 
; Date
 
; Date
Line 57: Line 76:
 
: ''nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.
 
: ''nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.
   
= XSA-5 IOMMU Fault Live lock =
+
== XSA-5 IOMMU Fault Live lock ==
   
 
; Date
 
; Date
Line 70: Line 89:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/789ff1a462b8 21535:789ff1a462b8]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/789ff1a462b8 21535:789ff1a462b8]
   
= XSA-6 HVM e1000, buffer overflow =
+
== XSA-6 HVM e1000, buffer overflow ==
 
; Date
 
; Date
 
: 2 February 2012
 
: 2 February 2012
Line 78: Line 97:
 
: http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
 
: http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
 
; Fixes
 
; Fixes
: qemu-xen-unstable.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-unstable.git;a=commit;h=ebe37b2a3f844bad02dcc30d081f39eda06118f8 ebe37b2a3f844bad02dcc30d081f39eda06118f8]
+
: qemu-xen-unstable.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-unstable.git;a==commit;h==ebe37b2a3f844bad02dcc30d081f39eda06118f8 ebe37b2a3f844bad02dcc30d081f39eda06118f8]
: qemu-xen-4.1-testing.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-4.1-testing.git;a=commit;h=3cf61880403b4e484539596a95937cc066243388 3cf61880403b4e484539596a95937cc066243388]
+
: qemu-xen-4.1-testing.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-4.1-testing.git;a==commit;h==3cf61880403b4e484539596a95937cc066243388 3cf61880403b4e484539596a95937cc066243388]
: qemu-xen-4.0-testing.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-4.0-testing.git;a=commit;h=36984c285a765541b04f378bfa84d2c850c167d3 36984c285a765541b04f378bfa84d2c850c167d3]
+
: qemu-xen-4.0-testing.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-4.0-testing.git;a==commit;h==36984c285a765541b04f378bfa84d2c850c167d3 36984c285a765541b04f378bfa84d2c850c167d3]
 
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:
 
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:
 
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/fcc071c31e3a 24673:fcc071c31e3a]
 
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/fcc071c31e3a 24673:fcc071c31e3a]
Line 86: Line 105:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/3feb83eed6bd 21563:3feb83eed6bd]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/3feb83eed6bd 21563:3feb83eed6bd]
   
= XSA-7 64-bit PV guest privilege escalation vulnerability =
+
== XSA-7 64-bit PV guest privilege escalation vulnerability ==
 
; Date
 
; Date
 
: 12 June 2012 (public disclosure)
 
: 12 June 2012 (public disclosure)
Line 98: Line 117:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/dd367837e089 21590:dd367837e089]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/dd367837e089 21590:dd367837e089]
   
= XSA-8 guest denial of service on syscall/sysenter exception generation =
+
== XSA-8 guest denial of service on syscall/sysenter exception generation ==
 
; Date
 
; Date
 
: 12 June 2012 (public disclosure)
 
: 12 June 2012 (public disclosure)
Line 110: Line 129:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/adb943a387c8 21591:adb943a387c8]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/adb943a387c8 21591:adb943a387c8]
   
= XSA-9 PV guest host Denial of Service (AMD erratum #121) =
+
== XSA-9 PV guest host Denial of Service (AMD erratum #121) ==
 
; Date
 
; Date
 
: 12 June 2012 (public disclosure)
 
: 12 June 2012 (public disclosure)
Line 122: Line 141:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/e35c8bb53255 21592:e35c8bb53255]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/e35c8bb53255 21592:e35c8bb53255]
   
= XSA-10 HVM guest user mode MMIO emulation DoS vulnerability =
+
== XSA-10 HVM guest user mode MMIO emulation DoS vulnerability ==
 
; Date
 
; Date
 
: 26 July 2012 (public disclosure)
 
: 26 July 2012 (public disclosure)
Line 134: Line 153:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/82fcf3a5dc3a 21604:82fcf3a5dc3a]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/82fcf3a5dc3a 21604:82fcf3a5dc3a]
   
= XSA-11 HVM guest destroy p2m teardown host DoS vulnerability =
+
== XSA-11 HVM guest destroy p2m teardown host DoS vulnerability ==
 
; Date
 
; Date
 
: 8 August 2012 (public disclosure)
 
: 8 August 2012 (public disclosure)
Line 146: Line 165:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/a51c86b407d7 21608:a51c86b407d7]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/a51c86b407d7 21608:a51c86b407d7]
   
= XSA-12 hypercall set_debugreg vulnerability =
+
== XSA-12 hypercall set_debugreg vulnerability ==
 
; Date
 
; Date
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
Line 158: Line 177:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/92334c7f577e 21613:92334c7f577e]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/92334c7f577e 21613:92334c7f577e]
   
= XSA-13 hypercall physdev_get_free_pirq vulnerability =
+
== XSA-13 hypercall physdev_get_free_pirq vulnerability ==
 
; Date
 
; Date
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
Line 169: Line 188:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593 23350:6779ddca8593]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/6779ddca8593 23350:6779ddca8593]
   
= XSA-14 XENMEM_populate_physmap DoS vulnerability =
+
== XSA-14 XENMEM_populate_physmap DoS vulnerability ==
 
; Date
 
; Date
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
Line 181: Line 200:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/96b08706a0ed 21614:96b08706a0ed]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/96b08706a0ed 21614:96b08706a0ed]
   
= XSA-15 multiple TMEM hypercall vulnerabilities =
+
== XSA-15 multiple TMEM hypercall vulnerabilities ==
 
; Date
 
; Date
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
Line 191: Line 210:
 
: None at this time. See advisory for details.
 
: None at this time. See advisory for details.
   
= XSA-16 PHYSDEVOP_map_pirq index vulnerability =
+
== XSA-16 PHYSDEVOP_map_pirq index vulnerability ==
 
; Date
 
; Date
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
Line 202: Line 221:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/936f63ee4dad 23352:936f63ee4dad]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/936f63ee4dad 23352:936f63ee4dad]
   
= XSA-17 Qemu VT100 emulation vulnerability =
+
== XSA-17 Qemu VT100 emulation vulnerability ==
 
; Date
 
; Date
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
Line 210: Line 229:
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
 
; Fixes
 
; Fixes
: qemu-upstream-unstable.git: [http://xenbits.xen.org/gitweb/?p=qemu-upstream-unstable.git;a=commit;h=87650d262dea07c955a683dcac75db86477c7ee3 87650d262dea07c955a683dcac75db86477c7ee3] (qemu-xen tree)
+
: qemu-upstream-unstable.git: [http://xenbits.xen.org/gitweb/?p==qemu-upstream-unstable.git;a==commit;h==87650d262dea07c955a683dcac75db86477c7ee3 87650d262dea07c955a683dcac75db86477c7ee3] (qemu-xen tree)
: qemu-xen-unstable.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-unstable.git;a=commit;h=a56ae4b5069c7b23ee657b15f08443a9b14a8e7b a56ae4b5069c7b23ee657b15f08443a9b14a8e7b] (qemu-xen-traditional tree)
+
: qemu-xen-unstable.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-unstable.git;a==commit;h==a56ae4b5069c7b23ee657b15f08443a9b14a8e7b a56ae4b5069c7b23ee657b15f08443a9b14a8e7b] (qemu-xen-traditional tree)
: qemu-xen-4.1-testing.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-4.1-testing.git;a=commit;h=3220480734832a148d26f7a81f90af61c2ecfdd9 3220480734832a148d26f7a81f90af61c2ecfdd9] (qemu-xen-traditional tree)
+
: qemu-xen-4.1-testing.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-4.1-testing.git;a==commit;h==3220480734832a148d26f7a81f90af61c2ecfdd9 3220480734832a148d26f7a81f90af61c2ecfdd9] (qemu-xen-traditional tree)
: qemu-xen-4.0-testing.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-4.0-testing.git;a=commit;h=091149d364e893e643a5da3175c3f84d2163cb3e 091149d364e893e643a5da3175c3f84d2163cb3e] (qemu-xen-traditional tree)
+
: qemu-xen-4.0-testing.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-4.0-testing.git;a==commit;h==091149d364e893e643a5da3175c3f84d2163cb3e 091149d364e893e643a5da3175c3f84d2163cb3e] (qemu-xen-traditional tree)
 
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:
 
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:
 
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/50adc933faaf 25818:50adc933faaf]
 
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/50adc933faaf 25818:50adc933faaf]
Line 219: Line 238:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/79444af3258c 21615:79444af3258c]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/79444af3258c 21615:79444af3258c]
   
= XSA-18 grant table entry swaps have inadequate bounds checking =
+
== XSA-18 grant table entry swaps have inadequate bounds checking ==
 
; Date
 
; Date
 
: 5 September 2012 (public disclosure)
 
: 5 September 2012 (public disclosure)
Line 230: Line 249:
   
   
= XSA-19 guest administrator can access qemu monitor console =
+
== XSA-19 guest administrator can access qemu monitor console ==
 
; Date
 
; Date
 
: 6 September 2012 (public disclosure)
 
: 6 September 2012 (public disclosure)
Line 239: Line 258:
 
; Fixes
 
; Fixes
 
: qemu-upstream-unstable.git: Not vulnerable
 
: qemu-upstream-unstable.git: Not vulnerable
: qemu-xen-unstable.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-unstable.git;a=commit;h=bacc0d302445c75f18f4c826750fb5853b60e7ca bacc0d302445c75f18f4c826750fb5853b60e7ca]
+
: qemu-xen-unstable.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-unstable.git;a==commit;h==bacc0d302445c75f18f4c826750fb5853b60e7ca bacc0d302445c75f18f4c826750fb5853b60e7ca]
: qemu-xen-4.1-testing.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-4.1-testing.git;a=commit;h=d7d453f51459b591faa96d1c123b5bfff7c5b6b6 d7d453f51459b591faa96d1c123b5bfff7c5b6b6]
+
: qemu-xen-4.1-testing.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-4.1-testing.git;a==commit;h==d7d453f51459b591faa96d1c123b5bfff7c5b6b6 d7d453f51459b591faa96d1c123b5bfff7c5b6b6]
: qemu-xen-4.0-testing.git: [http://xenbits.xen.org/gitweb/?p=qemu-xen-4.0-testing.git;a=commit;h=eaa1bd612f50d2f253738ed19e14981e4ede98a5 eaa1bd612f50d2f253738ed19e14981e4ede98a5]
+
: qemu-xen-4.0-testing.git: [http://xenbits.xen.org/gitweb/?p==qemu-xen-4.0-testing.git;a==commit;h==eaa1bd612f50d2f253738ed19e14981e4ede98a5 eaa1bd612f50d2f253738ed19e14981e4ede98a5]
 
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:
 
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:
 
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/ec23c2a11f6f 25822:ec23c2a11f6f]
 
: xen-unstable.hg: [http://xenbits.xen.org/hg/xen-unstable.hg/rev/ec23c2a11f6f 25822:ec23c2a11f6f]
Line 248: Line 267:
   
   
= XSA 20 Timer overflow DoS vulnerability =
+
== XSA 20 Timer overflow DoS vulnerability ==
 
; Date
 
; Date
 
: 13 November 2012
 
: 13 November 2012
Line 261: Line 280:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/6b9809dc1e86 21618:6b9809dc1e86]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/6b9809dc1e86 21618:6b9809dc1e86]
   
= XSA 21 pirq range check DoS vulnerability =
+
== XSA 21 pirq range check DoS vulnerability ==
 
; Date
 
; Date
 
: 13 November 2012
 
: 13 November 2012
Line 273: Line 292:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/210f16b6509b 23407:210f16b6509b]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/210f16b6509b 23407:210f16b6509b]
   
= XSA 22 Memory mapping failure DoS vulnerability =
+
== XSA 22 Memory mapping failure DoS vulnerability ==
 
; Date
 
; Date
 
: 13 November 2012
 
: 13 November 2012
Line 287: Line 306:
 
: xen-3.4-testing.hg: [http://xenbits.xen.org/hg/xen-3.4-testing.hg/rev/b42c35f6369a 20028:b42c35f6369a]
 
: xen-3.4-testing.hg: [http://xenbits.xen.org/hg/xen-3.4-testing.hg/rev/b42c35f6369a 20028:b42c35f6369a]
   
= XSA 23 Unhooking empty PAE entries DoS vulnerability =
+
== XSA 23 Unhooking empty PAE entries DoS vulnerability ==
 
; Date
 
; Date
 
: 13 November 2012
 
: 13 November 2012
Line 300: Line 319:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/c52d74b254dc 21620:c52d74b254dc]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/c52d74b254dc 21620:c52d74b254dc]
   
= XSA 24 Grant table hypercall infinite loop DoS vulnerability =
+
== XSA 24 Grant table hypercall infinite loop DoS vulnerability ==
 
; Date
 
; Date
 
: 13 November 2012
 
: 13 November 2012
Line 313: Line 332:
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/68d7b9cc8259 21621:68d7b9cc8259]
 
: xen-4.0-testing.hg: [http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/68d7b9cc8259 21621:68d7b9cc8259]
   
= XSA 25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk =
+
== XSA 25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ==
 
; Date
 
; Date
 
: 13 November 2012
 
: 13 November 2012
Line 325: Line 344:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/69d1cc78a5bd 23385:69d1cc78a5bd]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/69d1cc78a5bd 23385:69d1cc78a5bd]
   
  +
<!-- Removed
 
  +
== XSA 26 ==
= XSA 26 Grant table version switch list corruption vulnerability =
 
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
Line 338: Line 357:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/7172203aec98 23416:7172203aec98]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/7172203aec98 23416:7172203aec98]
   
= XSA 27 several HVM operations do not validate the range of their inputs =
+
== XSA 27 several HVM operations do not validate the range of their inputs ==
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
Line 350: Line 369:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/53ef1f35a0f8 23417:53ef1f35a0f8]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/53ef1f35a0f8 23417:53ef1f35a0f8]
   
= XSA 28 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak =
+
== XSA 28 HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak ==
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
Line 362: Line 381:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/e7c8ffa11596 23418:e7c8ffa11596]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/e7c8ffa11596 23418:e7c8ffa11596]
   
= XSA 29 XENMEM_exchange may overwrite hypervisor memory =
+
== XSA 29 XENMEM_exchange may overwrite hypervisor memory ==
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
Line 374: Line 393:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/f81286b3be32 23419:f81286b3be32]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/f81286b3be32 23419:f81286b3be32]
   
= XSA 30 Broken error handling in guest_physmap_mark_populate_on_demand() =
+
== XSA 30 Broken error handling in guest_physmap_mark_populate_on_demand() ==
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
Line 386: Line 405:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/cadc212c8ef3 23420:cadc212c8ef3]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/cadc212c8ef3 23420:cadc212c8ef3]
   
= XSA 31 Several memory hypercall operations allow invalid extent order values =
+
== XSA 31 Several memory hypercall operations allow invalid extent order values ==
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
Line 398: Line 417:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/a8a9e1c126ea 23421:a8a9e1c126ea]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/a8a9e1c126ea 23421:a8a9e1c126ea]
   
= XSA 32 several hypercalls do not validate input GFNs =
+
== XSA 32 several hypercalls do not validate input GFNs ==
 
; Date
 
; Date
 
: 3 December 2012 (public disclosure)
 
: 3 December 2012 (public disclosure)
Line 410: Line 429:
 
: xen-4.1-testing.hg: Not vulnerable
 
: xen-4.1-testing.hg: Not vulnerable
   
= XSA 33 VT-d interrupt remapping source validation flaw =
+
== XSA 33 VT-d interrupt remapping source validation flaw ==
 
; Date
 
; Date
 
: 9 January 2013 (public release)
 
: 9 January 2013 (public release)
Line 422: Line 441:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/2a91623a5807 23441:2a91623a5807]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/2a91623a5807 23441:2a91623a5807]
   
= XSA 34 nested virtualization on 32-bit exposes host crash =
+
== XSA 34 nested virtualization on 32-bit exposes host crash ==
 
; Date
 
; Date
 
: 22 January 2013 (public release)
 
: 22 January 2013 (public release)
Line 433: Line 452:
 
: xen-4.2-testing.hg: [http://xenbits.xen.org/hg/xen-4.2-testing.hg/rev/fef7ef92f08e 25972:fef7ef92f08e]
 
: xen-4.2-testing.hg: [http://xenbits.xen.org/hg/xen-4.2-testing.hg/rev/fef7ef92f08e 25972:fef7ef92f08e]
   
= XSA 35 Nested HVM exposes host to being driven out of memory by guest =
+
== XSA 35 Nested HVM exposes host to being driven out of memory by guest ==
 
; Date
 
; Date
 
: 22 January 2013 (public release)
 
: 22 January 2013 (public release)
Line 444: Line 463:
 
: xen-4.2-testing.hg: [http://xenbits.xen.org/hg/xen-4.2-testing.hg/rev/7c04074a0a0f 25973:7c04074a0a0f]
 
: xen-4.2-testing.hg: [http://xenbits.xen.org/hg/xen-4.2-testing.hg/rev/7c04074a0a0f 25973:7c04074a0a0f]
   
= XSA 36 interrupt remap entries shared and old ones not cleared on AMD IOMMUs =
+
== XSA 36 interrupt remap entries shared and old ones not cleared on AMD IOMMUs ==
 
; Date
 
; Date
 
: 5 February 2013
 
: 5 February 2013
Line 456: Line 475:
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/dd6694df1a31 23448:dd6694df1a31] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/cac6ae5e5dc6 23449:cac6ae5e5dc6] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/5c0fe82d6060 23450:5c0fe82d6060] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/e5ed73d172eb 23451:e5ed73d172eb] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/4d522221fa77 23458:4d522221fa77]
 
: xen-4.1-testing.hg: [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/dd6694df1a31 23448:dd6694df1a31] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/cac6ae5e5dc6 23449:cac6ae5e5dc6] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/5c0fe82d6060 23450:5c0fe82d6060] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/e5ed73d172eb 23451:e5ed73d172eb] [http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/4d522221fa77 23458:4d522221fa77]
   
= XSA 37 Hypervisor crash due to incorrect ASSERT (debug build only) =
+
== XSA 37 Hypervisor crash due to incorrect ASSERT (debug build only) ==
 
; Date
 
; Date
 
: 4 January 2013
 
: 4 January 2013
Line 469: Line 488:
   
   
= XSA 38 oxenstored incorrect handling of certain Xenbus ring states =
+
== XSA 38 oxenstored incorrect handling of certain Xenbus ring states ==
 
; Date
 
; Date
 
: 5 February 2013
 
: 5 February 2013
Line 482: Line 501:
   
   
= XSA 39 Linux netback DoS via malicious guest ring. =
+
== XSA 39 Linux netback DoS via malicious guest ring. ==
 
; Date
 
; Date
 
: 5 February 2013
 
: 5 February 2013
Line 491: Line 510:
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
 
; Fixes
 
; Fixes
: linux: [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=48856286b64e4b66ec62b94e504d0b29c1ade664 48856286b64e4b66ec62b94e504d0b29c1ade664] [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7d5145d8eb2b9791533ffe4dc003b129b9696c48 7d5145d8eb2b9791533ffe4dc003b129b9696c48] [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=4cc7c1cb7b11b6f3515bd9075527576a1eecc4aa 4cc7c1cb7b11b6f3515bd9075527576a1eecc4aa] [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b9149729ebdcfce63f853aa54a404c6a8f6ebbf3 b9149729ebdcfce63f853aa54a404c6a8f6ebbf3]
+
: linux: [http://git.kernel.org/?p==linux/kernel/git/torvalds/linux.git;a==commit;h==48856286b64e4b66ec62b94e504d0b29c1ade664 48856286b64e4b66ec62b94e504d0b29c1ade664] [http://git.kernel.org/?p==linux/kernel/git/torvalds/linux.git;a==commit;h==7d5145d8eb2b9791533ffe4dc003b129b9696c48 7d5145d8eb2b9791533ffe4dc003b129b9696c48] [http://git.kernel.org/?p==linux/kernel/git/torvalds/linux.git;a==commit;h==4cc7c1cb7b11b6f3515bd9075527576a1eecc4aa 4cc7c1cb7b11b6f3515bd9075527576a1eecc4aa] [http://git.kernel.org/?p==linux/kernel/git/torvalds/linux.git;a==commit;h==b9149729ebdcfce63f853aa54a404c6a8f6ebbf3 b9149729ebdcfce63f853aa54a404c6a8f6ebbf3]
   
= XSA 40 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. =
+
== XSA 40 Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests. ==
 
; Date
 
; Date
 
: 16 January 2013
 
: 16 January 2013
Line 501: Line 520:
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00002.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00002.html
 
; Fixes
 
; Fixes
: linux: [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=9174adbee4a9a49d0139f5d71969852b36720809 9174adbee4a9a49d0139f5d71969852b36720809]
+
: linux: [http://git.kernel.org/?p==linux/kernel/git/torvalds/linux.git;a==commit;h==9174adbee4a9a49d0139f5d71969852b36720809 9174adbee4a9a49d0139f5d71969852b36720809]
   
= XSA 41 qemu (e1000 device driver): Buffer overflow when processing large packets =
+
== XSA 41 qemu (e1000 device driver): Buffer overflow when processing large packets ==
 
; Date
 
; Date
 
: 16 January 2013
 
: 16 January 2013
Line 511: Line 530:
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00006.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-01/msg00006.html
 
; Fixes
 
; Fixes
: qemu: [http://git.qemu.org/?p=qemu.git;a=commit;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb b0d9ffcd0251161c7c92f94804dcf599dfa3edeb] [http://git.qemu.org/?p=qemu.git;a=commit;h=2c0331f4f7d241995452b99afaf0aab00493334a 2c0331f4f7d241995452b99afaf0aab00493334a]
+
: qemu: [http://git.qemu.org/?p==qemu.git;a==commit;h==b0d9ffcd0251161c7c92f94804dcf599dfa3edeb b0d9ffcd0251161c7c92f94804dcf599dfa3edeb] [http://git.qemu.org/?p==qemu.git;a==commit;h==2c0331f4f7d241995452b99afaf0aab00493334a 2c0331f4f7d241995452b99afaf0aab00493334a]
   
= XSA 42 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. =
+
== XSA 42 Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS. ==
 
; Date
 
; Date
 
: 13 February 2013
 
: 13 February 2013
Line 521: Line 540:
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00004.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00004.html
 
; Fixes
 
; Fixes
: linux: [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=13d2b4d11d69a92574a55bfd985cfb0ca77aebdc 13d2b4d11d69a92574a55bfd985cfb0ca77aebdc]
+
: linux: [http://git.kernel.org/?p==linux/kernel/git/torvalds/linux.git;a==commit;h==13d2b4d11d69a92574a55bfd985cfb0ca77aebdc 13d2b4d11d69a92574a55bfd985cfb0ca77aebdc]
   
= XSA 43 Linux pciback DoS via not rate limited log messages. =
+
== XSA 43 Linux pciback DoS via not rate limited log messages. ==
 
; Date
 
; Date
 
: 5 February 2013
 
: 5 February 2013
Line 531: Line 550:
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00003.html
 
: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00003.html
 
; Fixes
 
; Fixes
: linux: [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=51ac8893a7a51b196501164e645583bf78138699 51ac8893a7a51b196501164e645583bf78138699]
+
: linux: [http://git.kernel.org/?p==linux/kernel/git/torvalds/linux.git;a==commit;h==51ac8893a7a51b196501164e645583bf78138699 51ac8893a7a51b196501164e645583bf78138699]
  +
  +
== XSA 44 Xen PV DoS vulnerability with SYSENTER ==
  +
; Date
  +
: 18 April 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917 CVE-2013-1917]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==fdac9515607b757c044e7ef0d61b1453ef999b08 fdac9515607b757c044e7ef0d61b1453ef999b08]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==68a30a91bad2d4ff1f7c0d4302ec1060d573f6da 68a30a91bad2d4ff1f7c0d4302ec1060d573f6da]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==584eb7c15e4c94baaba93468776572dd7373a33c 584eb7c15e4c94baaba93468776572dd7373a33c]
  +
  +
== XSA 45 Several long latency operations are not preemptible ==
  +
; Date
  +
: 2 May 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918 CVE-2013-1918]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00000.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==6cdc9be 6cdc9be] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==e2e6b7b e2e6b7b] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==918a5f1 918a5f1] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==4939f9a 4939f9a] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==99d2b14 99d2b14] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==a3e049f a3e049f] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==b8efae6 b8efae6] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==f2ddd52 f2ddd52]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==f8bdc88 f8bdc88] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==a8f6949 a8f6949] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==f1d1abc f1d1abc] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==f26f9b2 f26f9b2] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==dba35fa dba35fa] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==3e5c1c0 3e5c1c0] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==a4b2683 a4b2683]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==7a93b9a 7a93b9a] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==06a68a0 06a68a0] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==210e61b 210e61b] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==c6fad96 c6fad96] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==02615aa 02615aa] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==09f9f72 09f9f72] [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==8eb2e89 8eb2e89]
  +
  +
== XSA 46 Several access permission issues with IRQs for unprivileged guests ==
  +
; Date
  +
: 18 April 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919 CVE-2013-1919]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==545607e 545607e]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==e414c40 e414c40]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==d3d1288 d3d1288]
  +
  +
== XSA 47 Potential use of freed memory in event channel operations ==
  +
; Date
  +
: 4 April 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920 CVE-2013-1920]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==99b9ab0 99b9ab0]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==2bebeac 2bebeac]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==b10b4af b10b4af]
  +
  +
== XSA 48 qemu-nbd format-guessing due to missing format specification ==
  +
; Date
  +
: 15 April 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1922 CVE-2013-1922]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00001.html
  +
; Fixes
  +
: qemu: [http://git.qemu.org/?p==qemu.git;a==commit;h==e6b636779b51c97e67694be740ee972c52460c59 e6b636779b51c97e67694be740ee972c52460c59]
  +
  +
== XSA 49 VT-d interrupt remapping source validation flaw for bridges ==
  +
; Date
  +
: 2 May 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952 CVE-2013-1952]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00001.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==63cec00 63cec00]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==5f34d2f 5f34d2f]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==4c45d2d 4c45d2d]
  +
  +
== XSA 50 grant table hypercall acquire/release imbalance ==
  +
; Date
  +
: 18 April 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964 CVE-2013-1964]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
  +
; Fixes
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==a12ed39 a12ed39]
  +
  +
== XSA 51 qemu guest agent (qga) insecure file permissions ==
  +
; Date
  +
: 6 May 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2007 CVE-2013-2007]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00002.html
  +
; Fixes
  +
: qemu: [http://git.qemu.org/?p==qemu.git;a==commit;h==c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 c689b4f1bac352dcfd6ecb9a1d45337de0f1de67]
  +
  +
== XSA 52 Information leak on XSAVE/XRSTOR capable AMD CPUs ==
  +
; Date
  +
: 3 June 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076 CVE-2013-2076]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==8dcf9f0113454f233089e8e5bb3970d891928410 8dcf9f0113454f233089e8e5bb3970d891928410]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==16b0db2eeef6491fee4277b030c84678b1579863 16b0db2eeef6491fee4277b030c84678b1579863]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==c3401c1aece47dc5388184c9b6a3527655d5bbdf c3401c1aece47dc5388184c9b6a3527655d5bbdf]
  +
  +
== XSA 53 Hypervisor crash due to missing exception recovery on XRSTOR ==
  +
; Date
  +
: 3 June 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077 CVE-2013-2077]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==c6ae65db36b98f2866f74a9a7ae6ac5d51fedc67 c6ae65db36b98f2866f74a9a7ae6ac5d51fedc67]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==93113dbc332b7befc334a1496bf6b6a325264d51 93113dbc332b7befc334a1496bf6b6a325264d51]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==5849504a03725f553195c8d80b0d595ef8334e2a 5849504a03725f553195c8d80b0d595ef8334e2a]
  +
  +
== XSA 54 Hypervisor crash due to missing exception recovery on XSETBV ==
  +
; Date
  +
: 3 June 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2078 CVE-2013-2078]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==365c95f7de789e1dca03f119eab7dc61fe0f77c9 365c95f7de789e1dca03f119eab7dc61fe0f77c9]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==9c28f338208bdc3f8f03934f58aabf2724c42cdb 9c28f338208bdc3f8f03934f58aabf2724c42cdb]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==13e00caf1a01a4eb99f2269be6ce12a3a4703178 13e00caf1a01a4eb99f2269be6ce12a3a4703178]
  +
  +
== XSA 55 Multiple vulnerabilities in libelf PV kernel handling ==
  +
; Date
  +
: 7 June 2013
  +
; References
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00003.html
  +
; Fixes
  +
: Work is ongoing to resolve this issue. See http://lists.xen.org/archives/html/xen-devel/
  +
  +
== XSA 56 Buffer overflow in xencontrol Python bindings affecting xend ==
  +
; Date
  +
: 17 May 2013
  +
; References
  +
: [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072 CVE-2013-2072]
  +
; Advisory
  +
: http://lists.xen.org/archives/html/xen-announce/2013-05/msg00004.html
  +
; Fixes
  +
: xen unstable: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==41abbadef60e5fccdfd688579dd458f7f7887cf5 41abbadef60e5fccdfd688579dd458f7f7887cf5]
  +
: xen 4.2: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==34e2c78baa7eff6369595adc7e51e70a4a0c8727 34e2c78baa7eff6369595adc7e51e70a4a0c8727]
  +
: xen 4.1: [http://xenbits.xen.org/gitweb/?p==xen.git;a==commit;h==8dd9cde5d454e4cee55d0202abfd52ceeff1cd94 8dd9cde5d454e4cee55d0202abfd52ceeff1cd94]
  +
-->
   
 
<!-- Template:
 
<!-- Template:

Latest revision as of 11:54, 13 May 2015

Security advisories are made available in accordance with the Xen security problem response process.

Essential Information
List of vulnerabilities

‎An automatically generated list of security advisories is available at xenbits.xen.org/xsa.

Disclosing Vulnerabilities

Please contact security@xenproject.org if you wish to disclose a security vulnerability.

Timely Notifications

In order to get timely notification of security vulnerabilities you should subscribe to the (low volume) xen-announce mailing list or.


If you are eligible, request access to the pre-disclosure list (see the Xen security problem response process for more information).

Security Updates to Xen

See Xen Maintenance Releases for information relating to stable branch maintenance.

Historical Advisories up to XSA-25

The list below contains only historical information on advisories up to XSA-25.

XSA-1 Host crash due to failure to correctly validate PV kernel execution state.

Date
14 March 2011
References
CVE-2011-1166
Advisory
Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
nb: predates vulnerability handling process and therefore no formal announcement
Fixes
xen-unstable.hg: 23034:c79aae866ad8
xen-4.1-testing.hg: 22993:842aed720b84
xen-4.0-testing.hg: 21461:ee088a0b5cb8

XSA-2 PV kernel validation vulnerabilities

Date
9 May 2011
References
CVE-2011-1583
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Fixes
xen-unstable.hg: 23322:d9982136d8fa
xen-4.1-testing.hg: 23042:e2e575f8b5d9
xen-4.0-testing.hg: 21482:c2adc059e931

XSA-3 VT-d (PCI passthrough) MSI

Date
12 May 2011
References
CVE-2011-1898
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Fixes
xen-unstable.hg: 23337:cc91832a02c7
xen-4.1-testing.hg: 23046:ed630a821de1
xen-4.0-testing.hg: 21485:b85a9e58ec3a

XSA-4 Xen 3.3 vaddr validation

Date
2 September 2011
References
CVE-2011-2901
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Fixes
xen-unstable.hg: 23800:72edc40e2942
nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.

XSA-5 IOMMU Fault Live lock

Date
12 August 2011
References
CVE-2011-3131
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Fixes
xen-unstable.hg: 23762:537ed3b74b3f
xen-4.1-testing.hg: 23112:84e3706df07a
xen-4.0-testing.hg: 21535:789ff1a462b8

XSA-6 HVM e1000, buffer overflow

Date
2 February 2012
References
CVE-2012-0029
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
Fixes
qemu-xen-unstable.git: ebe37b2a3f844bad02dcc30d081f39eda06118f8
qemu-xen-4.1-testing.git: 3cf61880403b4e484539596a95937cc066243388
qemu-xen-4.0-testing.git: 36984c285a765541b04f378bfa84d2c850c167d3

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 24673:fcc071c31e3a
xen-4.1-testing.hg: 23224:cccd6c68e1b9
xen-4.0-testing.hg: 21563:3feb83eed6bd

XSA-7 64-bit PV guest privilege escalation vulnerability

Date
12 June 2012 (public disclosure)
References
CVE-2012-0217
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
Fixes
xen-unstable.hg: 25480:76eaf5966c05
xen-4.1-testing.hg: 23299:f08e61b9b33f
xen-4.0-testing.hg: 21590:dd367837e089

XSA-8 guest denial of service on syscall/sysenter exception generation

Date
12 June 2012 (public disclosure)
References
CVE-2012-0218
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
Fixes
xen-unstable.hg: 25200:80f4113be500 & 25204:569d6f05e1ef
xen-4.1-testing.hg: 23300:0fec1afa4638
xen-4.0-testing.hg: 21591:adb943a387c8

XSA-9 PV guest host Denial of Service (AMD erratum #121)

Date
12 June 2012 (public disclosure)
References
CVE-2012-2934
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
Fixes
xen-unstable.hg: 25481:bc2f3a848f9a
xen-4.1-testing.hg: 23301:a9c0a89c08f2
xen-4.0-testing.hg: 21592:e35c8bb53255

XSA-10 HVM guest user mode MMIO emulation DoS vulnerability

Date
26 July 2012 (public disclosure)
References
CVE-2012-3432
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
Fixes
xen-unstable.hg: 25682:ffcb24876b4f
xen-4.1-testing.hg: 23325:a43f5b4b0331
xen-4.0-testing.hg: 21604:82fcf3a5dc3a

XSA-11 HVM guest destroy p2m teardown host DoS vulnerability

Date
8 August 2012 (public disclosure)
References
CVE-2012-3433
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23332:859205b36fe9
xen-4.0-testing.hg: 21608:a51c86b407d7

XSA-12 hypercall set_debugreg vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3494
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html
Fixes
xen-unstable.hg: 25814:4f1c69648201
xen-4.1-testing.hg: 23349:bcc340292731
xen-4.0-testing.hg: 21613:92334c7f577e

XSA-13 hypercall physdev_get_free_pirq vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3495
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.1-testing.hg: 23350:6779ddca8593

XSA-14 XENMEM_populate_physmap DoS vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3496
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html
Fixes
xen-unstable.hg: 25815:bcf58ef63b7c
xen-4.1-testing.hg: 23351:8ebda5388e4e
xen-4.0-testing.hg: 21614:96b08706a0ed

XSA-15 multiple TMEM hypercall vulnerabilities

Date
5 September 2012 (public disclosure)
References
CVE-2012-3497
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html
Fixes
None at this time. See advisory for details.

XSA-16 PHYSDEVOP_map_pirq index vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3498
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00005.html
Fixes
xen-unstable.hg: 25816:2750340a347d
xen-4.1-testing.hg: 23352:936f63ee4dad

XSA-17 Qemu VT100 emulation vulnerability

Date
5 September 2012 (public disclosure)
References
CVE-2012-3515
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Fixes
qemu-upstream-unstable.git: 87650d262dea07c955a683dcac75db86477c7ee3 (qemu-xen tree)
qemu-xen-unstable.git: a56ae4b5069c7b23ee657b15f08443a9b14a8e7b (qemu-xen-traditional tree)
qemu-xen-4.1-testing.git: 3220480734832a148d26f7a81f90af61c2ecfdd9 (qemu-xen-traditional tree)
qemu-xen-4.0-testing.git: 091149d364e893e643a5da3175c3f84d2163cb3e (qemu-xen-traditional tree)

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix to qemu-xen-traditional:

xen-unstable.hg: 25818:50adc933faaf
xen-4.1-testing.hg: 23353:3e4782f17f5c
xen-4.0-testing.hg: 21615:79444af3258c

XSA-18 grant table entry swaps have inadequate bounds checking

Date
5 September 2012 (public disclosure)
References
CVE-2012-3516
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Fixes
xen-unstable.hg: 25817:93e5a791d076


XSA-19 guest administrator can access qemu monitor console

Date
6 September 2012 (public disclosure)
References
CVE-2012-4411
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
Fixes
qemu-upstream-unstable.git: Not vulnerable
qemu-xen-unstable.git: bacc0d302445c75f18f4c826750fb5853b60e7ca
qemu-xen-4.1-testing.git: d7d453f51459b591faa96d1c123b5bfff7c5b6b6
qemu-xen-4.0-testing.git: eaa1bd612f50d2f253738ed19e14981e4ede98a5

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 25822:ec23c2a11f6f
xen-4.1-testing.hg: 23354:9be1175d2ac3
xen-4.0-testing.hg: 21616:512168f88df9 & 21617:1d1538beeada


XSA 20 Timer overflow DoS vulnerability

Date
13 November 2012
References
CVE-2012-4535
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
Fixes
xen-unstable.hg: 26148:bf58b94b3cef
xen-4.2-testing.hg: 25919:788af5959f69
xen-4.1-testing.hg: 23406:701f5e3321c1
xen-4.0-testing.hg: 21618:6b9809dc1e86

XSA 21 pirq range check DoS vulnerability

Date
13 November 2012
References
CVE-2012-4536
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
Fixes
xen-unstable.hg: Not vulnerable
xen-4.2-testing.hg: Not vulnerable
xen-4.1-testing.hg: 23407:210f16b6509b

XSA 22 Memory mapping failure DoS vulnerability

Date
13 November 2012
References
CVE-2012-4537
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
Fixes
xen-unstable.hg: 26149:6b6a4007a609
xen-4.2-testing.hg: 25920:4cffe28427e0
xen-4.1-testing.hg: 23408:f635b1447d7e
xen-4.0-testing.hg: 21619:04462a8c7966
xen-3.4-testing.hg: 20028:b42c35f6369a

XSA 23 Unhooking empty PAE entries DoS vulnerability

Date
13 November 2012
References
CVE-2012-4538
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
Fixes
xen-unstable.hg: 26150:c7a01b6450e4
xen-4.2-testing.hg: 25921:159080b58dda
xen-4.1-testing.hg: 23409:61eb3d030f52
xen-4.0-testing.hg: 21620:c52d74b254dc

XSA 24 Grant table hypercall infinite loop DoS vulnerability

Date
13 November 2012
References
CVE-2012-4539
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
Fixes
xen-unstable.hg: 26151:b64a7d868f06
xen-4.2-testing.hg: 25922:8ca6372315f8
xen-4.1-testing.hg: 23410:178f63286b02
xen-4.0-testing.hg: 21621:68d7b9cc8259

XSA 25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk

Date
13 November 2012
References
CVE-2012-4544,CVE-2012-2625
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00006.html
Fixes
xen-unstable.hg: 25589:60f09d1ab1fe 26115:37a8946eeb9d
xen-4.2-testing.hg: 25589:60f09d1ab1fe 25883:537776f51f79
xen-4.1-testing.hg: 23385:69d1cc78a5bd