Bug 1187153 (CVE-2015-1563)
Summary: | CVE-2015-1563 xen: vgic: incorrect rate limiting of guest triggered logging on ARM architectures (XSA-118) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | Severity: | low |
Priority: | low | Version: | unspecified |
Hardware: | All | OS: | Linux |
Keywords: | Security | Doc Type: | Bug Fix |
Last Closed: | 2019-06-08 02:38:35 UTC | CC: | drjones, jforbes, kraxel, m.a.young, mrezanin, pbonzini, rkrcmar, virt-maint, vkuznets, xen-maint |

Description
Vasyl Kaigorodov
2015-01-29 12:31:21 UTC
Created attachment 985562: xsa118-4.4.patch
Created attachment 985563: xsa118-4.5-unstable-1.patch
Created attachment 985564: xsa118-4.5-unstable-2.patch

Fedora isn't affected as we haven't yet built xen on ARM. The patches have however been applied to xen-4.5.0-1.fc22 and the other Fedora versions will have patched code when xen-4.4.2 and xen-4.3.4 (currently both at -rc1) are released.

Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1563 to the following vulnerability:

Name: CVE-2015-1563
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1563
Assigned: 20150208
Reference: http://xenbits.xen.org/xsa/advisory-118.html

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number of messages to be logged.

xen-4.4.1-16.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.