Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1102254 - (CVE-2014-3967, CVE-2014-3968) CVE-2014-3967 CVE-2014-3968 xen: Vulnerabilities in HVM MSI injection (XSA-96)
CVE-2014-3967 CVE-2014-3968 xen: Vulnerabilities in HVM MSI injection (XSA-96)
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20140603,repor...
: Security
Depends On: 1104583
Blocks: 1102255
  Show dependency treegraph
 
Reported: 2014-05-28 11:49 EDT by Petr Matousek
Modified: 2014-06-04 11:39 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-05-28 11:50:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Petr Matousek 2014-05-28 11:49:29 EDT 
The implementation of the HVM control operation HVMOP_inject_msi, while
checking whether a particular IRQ was already set up in the necessary
way, fails to properly check all respective conditions. In particular
it doesn't check the returned pointer for being non-NULL before de-
referencing it.

Furthermore that same code also handles certain errors by logging
messages, without (under default settings) at least making these
messages subject to rate limiting.

The NULL pointer de-reference would lead to a host crash, and hence a
denial of service would result.

The spamming of the hypervisor log could similarly lead to a denial of
service.

Acknowledgements:

Red Hat would like to thank the Xen project for reporting this issue.
Comment 2 Petr Matousek 2014-05-28 11:50:49 EDT 
Statement:

Not vulnerable.

This issue did not affect the versions of the kernel-xen package as
shipped with Red Hat Enterprise Linux 5.

This issue did not affect Red Hat Enterprise Linux 6 and Red Hat
Enterprise MRG 2 as we did not have support for Xen hypervisor.
Comment 3 Petr Matousek 2014-06-04 05:09:54 EDT 
External references:

http://www.openwall.com/lists/oss-security/2014/06/03/9
Comment 4 Petr Matousek 2014-06-04 05:10:14 EDT 
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1104583]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.