Bug 1187153 - CVE-2015-1563 xen: vgic: incorrect rate limiting of guest triggered logging on ARM architectures (XSA-118)
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Severity: low
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20150129,reported=2...
Reported: 2015-01-29 07:31 EST by Vasyl Kaigorodov
Modified: 2017-01-19 11:04 EST
Doc Type: Bug Fix
Attachments
- xsa118-4.4.patch (4.67 KB, text/plain), 2015-01-29 07:33 EST, Vasyl Kaigorodov
- xsa118-4.5-unstable-1.patch (10.00 KB, text/plain), 2015-01-29 07:33 EST, Vasyl Kaigorodov
- xsa118-4.5-unstable-2.patch (4.79 KB, text/plain), 2015-01-29 07:33 EST, Vasyl Kaigorodov
Description Vasyl Kaigorodov 2015-01-29 07:31:21 EST
ISSUE DESCRIPTION
=================

On ARM systems the code which deals with virtualising the GIC
distributor would, under various circumstances, log messages on a
guest accessible code path without appropriate rate limiting.

IMPACT
======

A malicious guest could cause repeated logging to the hypervisor
console, leading to a Denial of Service attack.

VULNERABLE SYSTEMS
==================

Xen 4.4 and later systems running on ARM hardware are vulnerable.

x86 systems are not affected.

MITIGATION
==========

The problematic log messages are issued with priority Warning.

Therefore they can be rate limited by adding "loglvl=error/warning" to the
hypervisor command line or suppressed entirely by adding "loglvl=error".

Applying the attached patch(es) resolves this issue.

Statement:

This issue did not affect the versions of xen as shipped with Red Hat Enterprise Linux 5.

Acknowledgments:

Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Julien Grall as the original reporter.
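The advisory above describes the bug pattern (an emulation trap handler that prints to the hypervisor console on every guest access it rejects) and the mitigation (Xen's loglvl=<level>/<rate-limited level> syntax, where messages at the second level are still printed but rate limited). The following C model is an added example for this page, not Xen's code and not the attached patches: it pairs a vGIC-distributor-style handler that logs without limit against the same handler behind a token-bucket limiter, and drives both with a guest hammering the trap path. The "unaligned offset" rejection, the 10-per-5-second budget and the simulated console are all assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated hypervisor console: every call is one line on the serial
 * port. Counting lines makes the DoS effect measurable. */
static unsigned long console_lines;

static void hyp_printk(const char *fmt, ...)
{
    char line[128];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(line, sizeof line, fmt, ap);   /* formatted, then discarded */
    va_end(ap);
    console_lines++;
}

/* Fixed-window limiter: at most `burst` messages per `interval_ms`,
 * extra ones counted and reported once when the window rolls over.
 * (Assumed design for this example; Xen's helpers differ in detail.) */
struct ratelimit {
    uint64_t interval_ms;
    unsigned burst;
    uint64_t window_start_ms;
    unsigned emitted;
    unsigned suppressed;
};

bool ratelimit_allow(struct ratelimit *rl, uint64_t now_ms)
{
    if (now_ms - rl->window_start_ms >= rl->interval_ms) {
        if (rl->suppressed)
            hyp_printk("%u messages suppressed\n", rl->suppressed);
        rl->window_start_ms = now_ms;
        rl->emitted = 0;
        rl->suppressed = 0;
    }
    if (rl->emitted < rl->burst) {
        rl->emitted++;
        return true;
    }
    rl->suppressed++;
    return false;
}

/* VULNERABLE pattern: a guest-reachable trap handler that logs each
 * rejected access. Hypothetical check: unaligned register offsets. */
static void vgic_dist_write_unlimited(uint32_t offset)
{
    if (offset & 3)
        hyp_printk("vGIC-D: unhandled write at offset 0x%x\n", offset);
}

/* HARDENED pattern: identical behaviour, but the message goes through a
 * per-site limiter, so a hostile guest cannot flood the console. */
static void vgic_dist_write_limited(struct ratelimit *rl, uint32_t offset,
                                    uint64_t now_ms)
{
    if ((offset & 3) && ratelimit_allow(rl, now_ms))
        hyp_printk("vGIC-D: unhandled write at offset 0x%x\n", offset);
}

/* Guest issues n bad writes; returns console lines produced. */
unsigned long storm_unlimited(unsigned n)
{
    console_lines = 0;
    for (unsigned i = 0; i < n; i++)
        vgic_dist_write_unlimited(1);
    return console_lines;
}

/* Same storm spread evenly over total_ms of simulated time, against the
 * limited handler with a fresh 10-per-5s budget. */
unsigned long storm_limited(unsigned n, uint64_t total_ms)
{
    struct ratelimit rl = { .interval_ms = 5000, .burst = 10 };

    console_lines = 0;
    for (unsigned i = 0; i < n; i++)
        vgic_dist_write_limited(&rl, 1, (uint64_t)i * total_ms / n);
    return console_lines;
}

int main(void)
{
    printf("unlimited: %lu lines\n", storm_unlimited(100000));
    printf("limited, 0 ms:     %lu lines\n", storm_limited(100000, 0));
    printf("limited, 20000 ms: %lu lines\n", storm_limited(100000, 20000));
    return 0;
}
```

With 100000 hostile writes the unlimited handler emits 100000 console lines; the limited one emits 10 when they all land in one window, and 43 when spread over 20 seconds (four windows of 10 plus three "messages suppressed" summaries). The check a reviewer wants on a fix like XSA-118 is exactly this: that the limiter is applied at the guest-reachable site, and that the summary line itself is emitted at most once per window rather than per dropped message.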
Comment 1 Vasyl Kaigorodov 2015-01-29 07:33:16 EST
Created attachment 985562 [details]
xsa118-4.4.patch
Comment 2 Vasyl Kaigorodov 2015-01-29 07:33:20 EST
Created attachment 985563 [details]
xsa118-4.5-unstable-1.patch
Comment 3 Vasyl Kaigorodov 2015-01-29 07:33:24 EST
Created attachment 985564 [details]
xsa118-4.5-unstable-2.patch
Comment 4 Michael Young 2015-02-03 15:05:43 EST
Fedora isn't affected as we haven't yet built xen on ARM. The patches have however been applied to xen-4.5.0-1.fc22 and the other Fedora versions will have patched code when xen-4.4.2 and xen-4.3.4 (currently both at -rc1) are released.
Comment 5 Vasyl Kaigorodov 2015-02-10 08:35:46 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1563 to
the following vulnerability:

Name: CVE-2015-1563
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1563
Assigned: 20150208
Reference: http://xenbits.xen.org/xsa/advisory-118.html

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows
local guests to cause a denial of service by causing a large number of
messages to be logged.
Comment 6 Fedora Update System 2015-03-23 03:10:13 EDT
xen-4.4.1-16.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.