Bug 1277172 (CVE-2015-5307, XSA-156)
| Summary: | CVE-2015-5307 virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | unspecified | CC: | abaron, agordeev, ailan, aortega, apevec, aquini, areis, arozansk, ayoung, carnil, chrisw, dallan, dhoward, drjones, fhrbata, gitbot-kernelmantain-xmlrpc, gkotton, jen, jschluet, juzhang, knoel, lhh, lpeer, lwang, markmc, mguzik, mkenneth, mohammed.gamal, mrezanin, mst, nmurray, pbonzini, pholasek, plougher, pmatouse, ppandit, rbalakri, rbryant, rkrcmar, rvrbovsk, sclewis, security-response-team, slong, tdecacqu, vdronov, vkuznets, xwei, yeylon | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-01-07 14:27:41 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1277557, 1277559, 1277560, 1277561, 1277563, 1277564, 1277565, 1277566, 1277567, 1279688, 1279689 | ||||||
| Bug Blocks: | 1277175 | ||||||
| Attachments: |
|
||||||
|
Description
Martin Prpič
2015-11-02 14:50:51 UTC
Created attachment 1088606 [details] CVE-2015-5307 proposed patch Acknowledgements: Red Hat would like to thank Ben Serebrin of Google Inc. for reporting this issue. Statement: This issue affects the version of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for the respective releases may address this issue. Red Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. Thus it is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1279688] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1279689] I noticed that the proposed patch only fixes Intel VMX code. Are AMD hosts also affected by this vulnerability? (In reply to Mohammed Gamal from comment #10) > I noticed that the proposed patch only fixes Intel VMX code. Are AMD hosts > also affected by this vulnerability? Both Intel and AMD processors running KVM hosts are affected by this vulnerability. The final patch that will be included in Red Hat Enterprise Linux updates fixes both VMX and SVM code. kernel-4.2.6-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.2.6-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.1.13-100.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. xen-4.4.3-8.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. xen-4.5.2-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. xen-4.5.2-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2552 https://rhn.redhat.com/errata/RHSA-2015-2552.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Red Hat Enterprise Linux 7.1 EUS - Server and Compute Node Only Via RHSA-2015:2587 https://rhn.redhat.com/errata/RHSA-2015-2587.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:2636 https://rhn.redhat.com/errata/RHSA-2015-2636.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 AUS - Server Only Via RHSA-2015:2645 https://rhn.redhat.com/errata/RHSA-2015-2645.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 AUS - Server Only Via RHSA-2016:0004 https://rhn.redhat.com/errata/RHSA-2016-0004.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 EUS - Server and Compute Node Only Via RHSA-2016:0024 https://rhn.redhat.com/errata/RHSA-2016-0024.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS Via RHSA-2016:0046 https://rhn.redhat.com/errata/RHSA-2016-0046.html |