Security update for xen SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0226-1 Final 1 1 2015-01-12T10:54:17Z current 2015-01-12T10:54:17Z 2015-01-12T10:54:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling CVE-2014-8867: XSA-112: xen: Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor CVE-2014-8866: XSA-111: xen: Excessive checking in compatibility mode hypercall argument translation CVE-2014-8595: XSA-110: xen: Missing privilege level checks in x86 emulation of far branches CVE-2014-8594: XSA-109: xen: Insufficient restrictions on certain MMU update hypercalls CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts CVE-2014-5146, CVE-2014-5149: xen: XSA-97 Long latency virtual-mmu operations are not preemptible Bugs fixed: - bnc#903357 - Corrupted save/restore test leaves orphaned data in xenstore - bnc#903359 - Temporary migration name is not cleaned up after migration - bnc#903850 - VUL-0: Xen: guest user mode triggerable VM exits not handled by hypervisor - bnc#866902 - L3: Xen save/restore of HVM guests cuts off disk and networking - bnc#901317 - L3: increase limit domUloader to 32MB domUloader.py - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus - bsc#900292 - xl: change default dump directory - Update to Xen 4.3.3 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html E-Mail link for openSUSE-SU-2015:0226-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings xen-4.3.3_04-34.1 xen-devel-4.3.3_04-34.1 xen-doc-html-4.3.3_04-34.1 xen-kmp-default-4.3.3_04_k3.11.10_25-34.1 xen-kmp-desktop-4.3.3_04_k3.11.10_25-34.1 xen-kmp-pae-4.3.3_04_k3.11.10_25-34.1 xen-libs-4.3.3_04-34.1 xen-libs-32bit-4.3.3_04-34.1 xen-tools-4.3.3_04-34.1 xen-tools-domU-4.3.3_04-34.1 xen-xend-tools-4.3.3_04-34.1 The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). CVE-2013-3495 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2013-3495.html CVE-2013-3495 https://bugzilla.suse.com/826717 SUSE Bug 826717 https://bugzilla.suse.com/903970 SUSE Bug 903970 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. CVE-2014-5146 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-5146.html CVE-2014-5146 https://bugzilla.suse.com/889526 SUSE Bug 889526 https://bugzilla.suse.com/903970 SUSE Bug 903970 https://bugzilla.suse.com/918998 SUSE Bug 918998 https://bugzilla.suse.com/950367 SUSE Bug 950367 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. CVE-2014-5149 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-5149.html CVE-2014-5149 https://bugzilla.suse.com/889526 SUSE Bug 889526 https://bugzilla.suse.com/903970 SUSE Bug 903970 https://bugzilla.suse.com/918998 SUSE Bug 918998 https://bugzilla.suse.com/950367 SUSE Bug 950367 The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). CVE-2014-8594 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-8594.html CVE-2014-8594 https://bugzilla.suse.com/903967 SUSE Bug 903967 https://bugzilla.suse.com/903970 SUSE Bug 903970 arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. CVE-2014-8595 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-8595.html CVE-2014-8595 https://bugzilla.suse.com/903970 SUSE Bug 903970 https://bugzilla.suse.com/907649 SUSE Bug 907649 The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode. CVE-2014-8866 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-8866.html CVE-2014-8866 https://bugzilla.suse.com/903970 SUSE Bug 903970 https://bugzilla.suse.com/905465 SUSE Bug 905465 The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. CVE-2014-8867 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-8867.html CVE-2014-8867 https://bugzilla.suse.com/903970 SUSE Bug 903970 https://bugzilla.suse.com/905467 SUSE Bug 905467 The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. CVE-2014-9030 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-9030.html CVE-2014-9030 https://bugzilla.suse.com/903970 SUSE Bug 903970 https://bugzilla.suse.com/906439 SUSE Bug 906439 common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066. CVE-2014-9065 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-9065.html CVE-2014-9065 https://bugzilla.suse.com/906996 SUSE Bug 906996 https://bugzilla.suse.com/918998 SUSE Bug 918998 Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. CVE-2014-9066 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2014-9066.html CVE-2014-9066 https://bugzilla.suse.com/906996 SUSE Bug 906996 https://bugzilla.suse.com/918998 SUSE Bug 918998 Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. CVE-2015-0361 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html https://www.suse.com/security/cve/CVE-2015-0361.html CVE-2015-0361 https://bugzilla.suse.com/910681 SUSE Bug 910681 https://bugzilla.suse.com/918998 SUSE Bug 918998 https://bugzilla.suse.com/950367 SUSE Bug 950367