Hide Forgot
ISSUE DESCRIPTION ================= On ARM systems the code which deals with virtualising the GIC distributor would, under various circumstances, log messages on a guest accessible code path without appropriate rate limiting. IMPACT ====== A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack. VULNERABLE SYSTEMS ================== Xen 4.4 and later systems running on ARM hardware are vulnerable. x86 systems are not affected. MITIGATION ========== The problematic log messages are issued with priority Warning. Therefore they can be rate limited by adding "loglvl=error/warning" to the hypervisor command line or suppressed entirely by adding "loglvl=error". Applying the attached patch(es) resolves this issue. Statement: This issue did not affect the versions of xen as shipped with Red Hat Enterprise Linux 5. Acknowledgments: Red Hat would like to thank the Xen for reporting this issue. Upstream acknowledges Julien Grall as the original reporter.
Created attachment 985562 [details] xsa118-4.4.patch
Created attachment 985563 [details] xsa118-4.5-unstable-1.patch
Created attachment 985564 [details] xsa118-4.5-unstable-2.patch
Fedora isn't affected as we haven't yet built xen on ARM. The patches have however been applied to xen-4.5.0-1.fc22 and the other Fedora versions will have patched code when xen-4.4.2 and xen-4.3.4 (currently both at -rc1) are released.
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1563 to the following vulnerability: Name: CVE-2015-1563 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1563 Assigned: 20150208 Reference: http://xenbits.xen.org/xsa/advisory-118.html The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.
xen-4.4.1-16.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.