-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory XSA-216
blkif responses leak backend stack data
UPDATES IN VERSION 3
Fix a typo ("our" for "or" in Vulnerable Systems).
The block interface response structure has some discontiguous fields.
Certain backends populate the structure fields of an otherwise
uninitialized instance of this structure on their stacks, leaking
data through the (internal or trailing) padding field.
A malicious unprivileged guest may be able to obtain sensitive
information from the host or other guests.
All Linux versions supporting the xen-blkback, blkback, or blktap
drivers are vulnerable.
FreeBSD, NetBSD and Windows (with or without PV drivers) are not
vulnerable (either because they do not have backends at all, or
because they use a different implementation technique which does not
suffer from this problem).
All qemu versions supporting the Xen block backend are vulnerable. The
qemu-xen-traditional code base does not include such code, so is not
vulnerable. Note that an instance of qemu will be spawned to provide
the backend for most non-raw-format disks; so you may need to apply the
patch to qemu even if you use only PV guests.
There's no mitigation available for x86 PV and ARM guests.
For x86 HVM guests it may be possible to change the guest
configuaration such that a fully virtualized disk is being made
available instead. However, this would normally entail changes inside
the guest itself.
This issue was discovered by Anthony Perard of Citrix.
Reported by: Anthony Perard <[hidden email]>
Applying the appropriate attached patch resolves this issue.
xsa216-linux-4.11.patch Linux 4.5 ... 4.11
xsa216-linux-4.4.patch Linux 3.3 ... 4.4
xsa216-qemuu.patch qemu-upstream master, 4.8
xsa216-qemuu-4.7.patch qemu-upstream 4.7, 4.6
xsa216-qemuu-4.5.patch qemu-upstream 4.5
$ sha256sum xsa216*
DEPLOYMENT DURING EMBARGO
Deployment of the patches described above (or others which are
substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.
However, deployment of the mitigation is NOT permitted (except where
all the affected systems and VMs are administered and used only by
organisations which are members of the Xen Project Security Issues
Predisclosure List). Specifically, deployment on public cloud systems
is NOT permitted. This is because this produces a guest-visible
change which will indicate which component contains the vulnerability.
Additionally, distribution of updated software is prohibited (except to other
members of the predisclosure list).
Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable. This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)
For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
Xen-announce mailing list
|Free forum by Nabble||Edit this page|