-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2015-4105 / XSA-130 version 2 Guest triggerable qemu MSI-X pass-through error messages UPDATES IN VERSION 2 ==================== Public release. CVE assigned. ISSUE DESCRIPTION ================= Device model code dealing with guest PCI MSI-X interrupt management activities logs messages on certain (supposedly) invalid guest operations. IMPACT ====== A buggy or malicious guest repeatedly invoking such operations may result in the host disk to fill up, possibly leading to a Denial of Service. VULNERABLE SYSTEMS ================== Xen versions 3.3 and onwards are vulnerable due to supporting PCI pass-through. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only HVM guests with their device model run in Dom0 can take advantage of this vulnerability. Only HVM guests which have been granted access to physical PCI devices (`PCI passthrough') can take advantage of this vulnerability. Furthermore, the vulnerability is only applicable when the passed-through PCI devices are MSI-X capable. (Many modern devices are.) MITIGATION ========== This issue can be avoided by not assigning MSI-X capable PCI devices to untrusted HVM guests. This issue can also be avoided by only using PV guests. It can also be avoided by configuring HVM guests with their device model run in a separate (stub) domain. (When using xl, this can be requested with "device_model_stubdomain_override=1" in the domain configuration file.) CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa130-qemuu.patch qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x xsa130-qemuu-4.3.patch Xen 4.3.x xsa130-qemut.patch qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x $ sha256sum xsa130*.patch 0ed6d75b6758c43a3042994f5127cb69d03796acf5c4d305d7ec2486500753da xsa130-qemut.patch fd6e835e945c2eee197f9e18501aeefb6e1d33a714f6ce66c16481d5aca8fcd0 xsa130-qemuu-4.3.patch 87fb70041d1fe9c997461c4a6fdaf9157667ec2eff7c77b8db6ee8f9d730753d xsa130-qemuu.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJVbbdWAAoJEIP+FMlX6CvZhyIH/3VkV4yhOpHsYzHEdkcikqTP w3KzOsPqtZs2++XWN48Ewpt1Dy12vLkq65hljfvHj9AIWmB0qgWXNC51lkkIFffT KgcNuUbuJkyy+hNk7K/OWblXbehTrSIAWkl13xKymIQYiS+UN8TYp9kM7QIFkYh2 GGJlCzTljnxeKFZY0z7uW6OKnZzBkdcGmRS5tyH+cqikfAEDSGaV7ffSC0mukd0/ LrTodM+0+8C40znDAyjUiz91YfGXyXtTTEKvmPzdhiv9Fsp3FZ6kMkSGPhcAUUUh WJmP23QXwm1Tt0qZn9wp1w1DmgihkDoS9Jdw/as29qSCNE2UrfsXaPghGkujQTU= =KrtH -----END PGP SIGNATURE-----