Bug 1187153 (CVE-2015-1563) - CVE-2015-1563 xen: vgic: incorrect rate limiting of guest triggered logging on ARM architectures (XSA-118)
Summary: CVE-2015-1563 xen: vgic: incorrect rate limiting of guest triggered logging o...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-1563
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-01-29 12:31 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:27 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 02:38:35 UTC


Attachments (Terms of Use)
xsa118-4.4.patch (4.67 KB, text/plain)
2015-01-29 12:33 UTC, Vasyl Kaigorodov
no flags Details
xsa118-4.5-unstable-1.patch (10.00 KB, text/plain)
2015-01-29 12:33 UTC, Vasyl Kaigorodov
no flags Details
xsa118-4.5-unstable-2.patch (4.79 KB, text/plain)
2015-01-29 12:33 UTC, Vasyl Kaigorodov
no flags Details

Description Vasyl Kaigorodov 2015-01-29 12:31:21 UTC
ISSUE DESCRIPTION
=================

On ARM systems the code which deals with virtualising the GIC
distributor would, under various circumstances, log messages on a
guest accessible code path without appropriate rate limiting.

IMPACT
======

A malicious guest could cause repeated logging to the hypervisor
console, leading to a Denial of Service attack.

VULNERABLE SYSTEMS
==================

Xen 4.4 and later systems running on ARM hardware are vulnerable.

x86 systems are not affected.

MITIGATION
==========

The problematic log messages are issued with priority Warning.

Therefore they can be rate limited by adding "loglvl=error/warning" to the
hypervisor command line or suppressed entirely by adding "loglvl=error".

Applying the attached patch(es) resolves this issue.

Statement:

This issue did not affect the versions of xen as shipped with Red Hat Enterprise Linux 5.

Acknowledgments:

Red Hat would like to thank the Xen for reporting this issue. Upstream acknowledges Julien Grall as the original reporter.

Comment 1 Vasyl Kaigorodov 2015-01-29 12:33:16 UTC
Created attachment 985562 [details]
xsa118-4.4.patch

Comment 2 Vasyl Kaigorodov 2015-01-29 12:33:20 UTC
Created attachment 985563 [details]
xsa118-4.5-unstable-1.patch

Comment 3 Vasyl Kaigorodov 2015-01-29 12:33:24 UTC
Created attachment 985564 [details]
xsa118-4.5-unstable-2.patch

Comment 4 Michael Young 2015-02-03 20:05:43 UTC
Fedora isn't affected as we haven't yet built xen on ARM. The patches have however been applied to xen-4.5.0-1.fc22 and the other Fedora versions will have patched code when xen-4.4.2 and xen-4.3.4 (currently both at -rc1) are released.

Comment 5 Vasyl Kaigorodov 2015-02-10 13:35:46 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1563 to
the following vulnerability:

Name: CVE-2015-1563
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1563
Assigned: 20150208
Reference: http://xenbits.xen.org/xsa/advisory-118.html

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows
local guests to cause a denial of service by causing a large number
messages to be logged.

Comment 6 Fedora Update System 2015-03-23 07:10:13 UTC
xen-4.4.1-16.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.