Security Announcements (Historical)

From Xen
Revision as of 12:31, 12 June 2012 by IanJackson (talk | contribs) (xsa-8)

The following security advisories have been made in accordance with the xen.org security problem response process.

Please contact security@xen.org if you wish to disclose a security vulnerability.

XSA-1 Host crash due to failure to correctly validate PV kernel execution state.

Date
14 March 2011
References
CVE-2011-1166
Advisory
Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
nb: predates vulnerability handling process and therefore no formal announcement
Fixes
xen-unstable.hg: 23034:c79aae866ad8
xen-4.1-testing.hg: 22993:842aed720b84
xen-4.0-testing.hg: 21461:ee088a0b5cb8

XSA-2 PV kernel validation vulnerabilities

Date
9 May 2011
References
CVE-2011-1583
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
Fixes
xen-unstable.hg: 23322:d9982136d8fa
xen-4.1-testing.hg: 23042:e2e575f8b5d9
xen-4.0-testing.hg: 21482:c2adc059e931

XSA-3 VT-d (PCI passthrough) MSI

Date
12 May 2011
References
CVE-2011-1898
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
Fixes
xen-unstable.hg: 23337:cc91832a02c7
xen-4.1-testing.hg: 23046:ed630a821de1
xen-4.0-testing.hg: 21485:b85a9e58ec3a

XSA-4 Xen 3.3 vaddr validation

Date
2 September 2011
References
CVE-2011-2901
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
Fixes
xen-unstable.hg: 23800:72edc40e2942
nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.

XSA-5 IOMMU Fault Live lock

Date
12 August 2011
References
CVE-2011-3131
Advisory
http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
Fixes
xen-unstable.hg: 23762:537ed3b74b3f
xen-4.1-testing.hg: 23112:84e3706df07a
xen-4.0-testing.hg: 21535:789ff1a462b8

XSA-6 HVM e1000, buffer overflow

Date
2 February 2012
References
CVE-2012-0029
Advisory
http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
Fixes
qemu-xen-unstable.git: ebe37b2a3f844bad02dcc30d081f39eda06118f8
qemu-xen-4.1-testing.git: 3cf61880403b4e484539596a95937cc066243388
qemu-xen-4.0-testing.git: 36984c285a765541b04f378bfa84d2c850c167d3

In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:

xen-unstable.hg: 24673:fcc071c31e3a
xen-4.1-testing.hg: 23224:cccd6c68e1b9
xen-4.0-testing.hg: 21563:3feb83eed6bd

XSA-7 64-bit PV guest privilege escalation vulnerability

Date
12 June 2012 (public disclosure)
References
CVE-2012-0217
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html

XSA-8 guest denial of service on syscall/sysenter exception generation

Date
12 June 2012 (public disclosure)
References
CVE-2012-0218
Advisory
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html