Bug 1499818 (CVE-2017-15591, xsa238) - CVE-2017-15591 xsa238 xen: DMOP map/unmap missing argument checks (XSA-238)
Summary: CVE-2017-15591 xsa238 xen: DMOP map/unmap missing argument checks (XSA-238)
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-15591, xsa238
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1501391
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-09 12:51 UTC by Adam Mariš
Modified: 2019-09-29 14:23 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:27:08 UTC


Attachments (Terms of Use)

Description Adam Mariš 2017-10-09 12:51:18 UTC
ISSUE DESCRIPTION
=================

DMOPs (which were a subgroup of HVMOPs in older releases) allow guests
to control and drive other guests.  The I/O request server page mapping
interface uses range sets to represent I/O resources the emulation of
which is provided by a given I/O request server.  The internals of the
range set implementation require that ranges have a starting value no
lower than the ending one.  Checks for this fact were missing.

IMPACT
======

Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.

Only domains controlling HVM guests can exploit this vulnerability.
(This includes domains providing hardware emulation services to HVM
guests.)

VULNERABLE SYSTEMS
==================

Xen versions 4.5 and later are vulnerable.  Xen versions 4.4 and
earlier are not vulnerable.

Only x86 systems are affected.  ARM systems are not affected.

This vulnerability is only applicable to Xen systems using stub domains
or other forms of disaggregation of control domains for HVM guests.

MITIGATION
==========

Running only PV guests will avoid this issue.

(The security of a Xen system using stub domains is still better than
with a qemu-dm running as an unrestricted dom0 process.  Therefore
users with these configurations should not switch to an unrestricted
dom0 qemu-dm.)

External References:

http://xenbits.xen.org/xsa/advisory-238.html

Comment 1 Adam Mariš 2017-10-12 13:42:48 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1501391]

Comment 2 Adam Mariš 2017-12-06 13:56:08 UTC
Acknowledgments:

Name: the Xen project
Upstream: Vitaly Kuznetsov (Red Hat)


Note You need to log in before you can comment on or make changes to this bug.