Bug 1090424 (CVE-2014-2915)

Summary: CVE-2014-2915 xen: Hardware features unintentionally exposed to guests on ARM
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: agordeev, anton, dhoward, drjones, imammedo, jforbes, jkurik, kraxel, lwang, m.a.young, mrezanin, pbonzini, pholasek, plougher, rkrcmar, rvrbovsk, virt-maint, xen-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-04-23 10:01:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1090426    
Bug Blocks: 1088255    

Description Petr Matousek 2014-04-23 09:58:44 UTC 
When running on an ARM platform Xen was not correctly configuring the
hardware virtualisation platform and therefore did not prevent guests
from accessing various hardware features including cache control,
coprocessors, debug registers and various processor specific
registers.

By accessing these hardware facilities a malicious or buggy guest may
be able to cause various issues, including crashing the host, crashing
other guests (including control domains) and data corruption.

Privilege escalation is not thought to be possible but has not been
ruled out.

References:
http://www.openwall.com/lists/oss-security/2014/04/22/9
Comment 1 Petr Matousek 2014-04-23 10:00:18 UTC 
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1090426]
Comment 2 Petr Matousek 2014-04-23 10:01:15 UTC 
Statement:

Not vulnerable.

This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.