Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

Home Providers
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Xen Providers be aware Advisory XSA-182 (guest can access the host)

GalaxyHostPlusGalaxyHostPlus Member
in Providers

https://xenbits.xen.org/xsa/advisory-182.html

ISSUE DESCRIPTION

The PV pagetable code has fast-paths for making updates to pre-existing
pagetable entries, to skip expensive re-validation in safe cases
(e.g. clearing only Access/Dirty bits). The bits considered safe were too
broad, and not actually safe.

IMPACT

A malicous PV guest administrator can escalate their privilege to that
of the host.

VULNERABLE SYSTEMS

All versions of Xen are vulnerable.

The vulnerability is only exposed to PV guests on x86 hardware.

The vulnerability is not exposed to x86 HVM guests, or ARM guests.

MITIGATION

Running only HVM guests will avoid this vulnerability.

CREDITS

This issue was discovered by Jérémie Boutoille of Quarkslab.

RESOLUTION

Applying the appropriate attached patch resolves this issue.

xsa182.patch xen-unstable, Xen 4.7.x
xsa182-4.6.patch Xen 4.6.x
xsa182-4.5.patch Xen 4.5.x, 4.4.x, 4.3.x

$ sha256sum xsa182*
303400b9a832a3c1d423cc2cc97c2f00482793722f9ef7dd246783a049ac2792 xsa182-unstable.patch
2383695b1dc114e4e31e42dd05d4c86239ce9606478b5e1a71db1111d95b63a2 xsa182-4.5.patch
f10665acaf17dedd15c40bfeb832b188db1ab3e789d95cc3787575529a280813 xsa182-4.6.patch
$

DEPLOYMENT DURING EMBARGO

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable. This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
http://www.xenproject.org/security-policy.html

Sign In or Register to comment.