Bug 1458877 (CVE-2017-10919, xsa223) - CVE-2017-10919 xsa223 xen: ARM guest disabling interrupt may crash Xen (XSA-223)
Summary: CVE-2017-10919 xsa223 xen: ARM guest disabling interrupt may crash Xen (XSA-223)
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-10919, xsa223
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1463247
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-05 17:43 UTC by Adam Mariš
Modified: 2019-09-29 14:14 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:14:33 UTC


Attachments (Terms of Use)

Description Adam Mariš 2017-06-05 17:43:29 UTC
ISSUE DESCRIPTION
=================

Virtual interrupt injection could be triggered by a guest when sending
an SGI (e.g IPI) to any vCPU or by configuring timers. When the virtual
interrupt is masked, a missing check in the injection path may result in
reading invalid hardware register or crashing the host.

IMPACT
======

A guest may cause a hypervisor crash, resulting in a Denial of Service
(DoS).

VULNERABLE SYSTEMS
==================

All Xen versions which support ARM are affected.

x86 systems are not affected.

Mitigation:

On systems where the guest kernel is controlled by the host rather than
guest administrator, running only kernels which do not disable SGI and
PPI (i.e IRQ < 32) will prevent untrusted guest users from exploiting
this issue. However untrusted guest administrators can still trigger it
unless further steps are taken to prevent them from loading code into
the kernel (e.g by disabling loadable modules etc) or from using other
mechanisms which allow them to run code at kernel privilege.

External References:

http://xenbits.xen.org/xsa/advisory-223.html

Acknowledgements:

Name: the Xen project
Upstream: Julien Grall (ARM)

Comment 1 Adam Mariš 2017-06-20 12:36:29 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1463247]


Note You need to log in before you can comment on or make changes to this bug.