Security Announcements (Historical)
From Xen
The following security advisories have been made in accordance with the xen.org security problem response process.
Please contact security@xen.org if you wish to disclose a security vulnerability.
Contents
- 1 XSA-1 Host crash due to failure to correctly validate PV kernel execution state.
- 2 XSA-2 PV kernel validation vulnerabilities
- 3 XSA-3 VT-d (PCI passthrough) MSI
- 4 XSA-4 Xen 3.3 vaddr validation
- 5 XSA-5 IOMMU Fault Live lock
- 6 XSA-6 HVM e1000, buffer overflow
- 7 XSA-7 64-bit PV guest privilege escalation vulnerability
- 8 XSA-8 guest denial of service on syscall/sysenter exception generation
- 9 XSA-9 PV guest host Denial of Service (AMD erratum #121)
- 10 XSA-10 HVM guest user mode MMIO emulation DoS vulnerability
- 11 XSA-11 HVM guest destroy p2m teardown host DoS vulnerability
XSA-1 Host crash due to failure to correctly validate PV kernel execution state.
- Date
- 14 March 2011
- References
- CVE-2011-1166
- Advisory
- Cannot specify user mode execution without specifying user-mode pagetables. Failure to validate this allows a malicious or buggy 64 bit PV guest to crash the host.
- nb: predates vulnerability handling process and therefore no formal announcement
- Fixes
- xen-unstable.hg: 23034:c79aae866ad8
- xen-4.1-testing.hg: 22993:842aed720b84
- xen-4.0-testing.hg: 21461:ee088a0b5cb8
XSA-2 PV kernel validation vulnerabilities
- Date
- 9 May 2011
- References
- CVE-2011-1583
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-05/msg00483.html
- Fixes
- xen-unstable.hg: 23322:d9982136d8fa
- xen-4.1-testing.hg: 23042:e2e575f8b5d9
- xen-4.0-testing.hg: 21482:c2adc059e931
XSA-3 VT-d (PCI passthrough) MSI
- Date
- 12 May 2011
- References
- CVE-2011-1898
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-05/msg00687.html
- Fixes
- xen-unstable.hg: 23337:cc91832a02c7
- xen-4.1-testing.hg: 23046:ed630a821de1
- xen-4.0-testing.hg: 21485:b85a9e58ec3a
XSA-4 Xen 3.3 vaddr validation
- Date
- 2 September 2011
- References
- CVE-2011-2901
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-09/msg00119.html
- Fixes
- xen-unstable.hg: 23800:72edc40e2942
- nb: although the off-by-one error was fixed in the above changeset only Xen version 3.3 and earlier were vulnerable due to this error.
XSA-5 IOMMU Fault Live lock
- Date
- 12 August 2011
- References
- CVE-2011-3131
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2011-08/msg00450.html
- Fixes
- xen-unstable.hg: 23762:537ed3b74b3f
- xen-4.1-testing.hg: 23112:84e3706df07a
- xen-4.0-testing.hg: 21535:789ff1a462b8
XSA-6 HVM e1000, buffer overflow
- Date
- 2 February 2012
- References
- CVE-2012-0029
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2012-02/msg00212.html
- Fixes
- qemu-xen-unstable.git: ebe37b2a3f844bad02dcc30d081f39eda06118f8
- qemu-xen-4.1-testing.git: 3cf61880403b4e484539596a95937cc066243388
- qemu-xen-4.0-testing.git: 36984c285a765541b04f378bfa84d2c850c167d3
In each case the QEMU_TAG in the corresponding xen.hg repository has been updated so that a completely fresh build will pick up the fix:
- xen-unstable.hg: 24673:fcc071c31e3a
- xen-4.1-testing.hg: 23224:cccd6c68e1b9
- xen-4.0-testing.hg: 21563:3feb83eed6bd
XSA-7 64-bit PV guest privilege escalation vulnerability
- Date
- 12 June 2012 (public disclosure)
- References
- CVE-2012-0217
- Advisory
- http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
- Fixes
- xen-unstable.hg: 25480:76eaf5966c05
- xen-4.1-testing.hg: 23299:f08e61b9b33f
- xen-4.0-testing.hg: 21590:dd367837e089
XSA-8 guest denial of service on syscall/sysenter exception generation
- Date
- 12 June 2012 (public disclosure)
- References
- CVE-2012-0218
- Advisory
- http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html
- Fixes
- xen-unstable.hg: 25200:80f4113be500 & 25204:569d6f05e1ef
- xen-4.1-testing.hg: 23300:0fec1afa4638
- xen-4.0-testing.hg: 21591:adb943a387c8
XSA-9 PV guest host Denial of Service (AMD erratum #121)
- Date
- 12 June 2012 (public disclosure)
- References
- CVE-2012-2934
- Advisory
- http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
- Fixes
- xen-unstable.hg: 25481:bc2f3a848f9a
- xen-4.1-testing.hg: 23301:a9c0a89c08f2
- xen-4.0-testing.hg: 21592:e35c8bb53255
XSA-10 HVM guest user mode MMIO emulation DoS vulnerability
- Date
- 26 July 2012 (public disclosure)
- References
- CVE-2012-3432
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2012-07/msg01649.html
- Fixes
- xen-unstable.hg: 25682:ffcb24876b4f
- xen-4.1-testing.hg: 23325:a43f5b4b0331
- xen-4.0-testing.hg: 21604:82fcf3a5dc3a
XSA-11 HVM guest destroy p2m teardown host DoS vulnerability
- Date
- 8 August 2012 (public disclosure)
- References
- CVE-2012-3433
- Advisory
- http://lists.xen.org/archives/html/xen-devel/2012-08/msg00855.html
- Fixes
- xen-unstable.hg: Not vulnerable
- xen-4.1-testing.hg: 23332:859205b36fe9
- xen-4.0-testing.hg: 21608:a51c86b407d7
