|Public release ||2014-04-23 13:05|
|Updated ||2014-04-23 15:12|
|Title ||ARM hypervisor crash on guest interrupt controller access|
Filesadvisory-94.txt (signed advisory file)
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory CVE-2014-2986 / XSA-94
ARM hypervisor crash on guest interrupt controller access
UPDATES IN VERSION 2
This issue has been assigned CVE-2014-2986.
When handling a guest access to the virtual GIC distributor (interrupt
controller) Xen could dereference a pointer before checking it for
validity leading to a hypervisor crash and host Denial of Service.
A buggy or malicious guest can crash the host.
Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onward.
x86 systems are not vulnerable.
NOTE REGARDING LACK OF EMBARGO
This bug was publicly reported on xen-devel, before it was appreciated
that there was a security problem.
The initial bug was discovered by Thomas Leonard and the security
aspect was diagnosed by Julien Grall.
Applying the appropriate attached patch resolves this issue.
xsa94.patch xen-unstable, Xen 4.4.x
$ sha256sum xsa94*.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
Xenproject.org Security Team