[Oraclevm-errata] OVMSA-2013-0004 Important: Oracle VM 3.2 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Fri Jan 18 14:36:43 PST 2013
Oracle VM Security Advisory OVMSA-2013-0004
The following updated rpms for Oracle VM 3.2 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.1.3-25.el5.1.x86_64.rpm
xen-devel-4.1.3-25.el5.1.x86_64.rpm
xen-tools-4.1.3-25.el5.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/xen-4.1.3-25.el5.1.src.rpm
Description of changes:
[4.1.3-25.el5.1]
- Xen Security Advisory CVE-2012-5634 / XSA-33 (v3)
VT-d interrupt remapping source validation flaw
UPDATES IN VERSION 3
====================
The patch supplied for Xen 4.1 (xsa33-4.1.patch) contained a build
error. A corrected patch is attached. The fix is also now available in
http://xenbits.xen.org/hg/xen-4.1-testing.hg as changeset
23441:2a91623a5807
ISSUE DESCRIPTION
=================
When passing a device which is behind a legacy PCI Bridge through to
a guest Xen incorrectly configures the VT-d hardware. This could allow
incorrect interrupts to be injected to other guests which also have
passthrough devices.
In a typical Xen system many devices are owned by domain 0 or driver
domains, leaving them vulnerable to such an attack. Such a DoS is
likely to have an impact on other guests running in the system.
IMPACT
======
A malicious domain, given access to a device which is behind a legacy
PCI bridge, can mount a denial of service attack affecting the whole
system.
VULNERABLE SYSTEMS
==================
Xen version 4.0 onwards is vulnerable.
Only systems using Intel VT-d for PCI passthrough are vulnerable.
Any domain which is given access to a PCI device that is behind a
legacy PCI bridge can take advantage of this vulnerability.
Domains which are given access to PCIe devices only are not able to
take advantage of this vulnerability.
MITIGATION
==========
This issue can be avoided by not assigning PCI devices which are
behind a legacy PCI bridge to untrusted guests.
More information about the Oraclevm-errata
mailing list