|Public release ||2013-09-30 10:04|
|Updated ||2013-09-30 10:04|
|Title ||Information leaks through I/O instruction emulation|
Filesadvisory-63.txt (signed advisory file)
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory CVE-2013-4355 / XSA-63
Information leaks through I/O instruction emulation
UPDATES IN VERSION 3
Insufficient or missing error handling in certain routines dealing
with guest memory reads can lead to uninitialized data on the
hypervisor stack (potentially containing sensitive data from prior
work the hypervisor performed) being copied to guest visible storage.
This allows a malicious HVM guest to craft certain operations (namely,
but not limited to, port or memory mapped I/O writes) involving
physical or virtual addresses that have no actual memory associated
with them, so that hypervisor stack contents are copied into the
destination of the operation, thus becoming visible to the guest.
A malicious HVM guest might be able to read sensitive data relating
to other guests.
Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.
Only HVM guests can take advantage of this vulnerability.
Running only PV guests will avoid this issue.
This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper & Tim Deegan.
Applying the appropriate attached patch resolves this issue.
xsa63.patch Xen 4.2.x, 4.3.x, and unstable
$ sha256sum xsa63*.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
Xenproject.org Security Team