Bugzilla – Bug 839596
VUL-0: CVE-2013-1442: XSA-62: xen: Information leak on AVX and/or LWP capable CPUs
Last modified: 2015-02-19 01:32:01 UTC
Created attachment 556925 [details] xsa62-4.1.patch Xen 4.1.x
Created attachment 556926 [details] xsa62.patch Xen 4.2.x, 4.3.x, and unstable
bugbot adjusting priority
Public now. Xen Security Advisory CVE-2013-1442 / XSA-62 version 2 Information leak on AVX and/or LWP capable CPUs UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= When a guest increases the set of extended state components for a vCPU saved/ restored via XSAVE/XRSTOR (to date this can only be the upper halves of YMM registers, or AMD's LWP state) after already having touched other extended registers restored via XRSTOR (e.g. floating point or XMM ones) during its current scheduled CPU quantum, the hypervisor would make those registers accessible without discarding the values an earlier scheduled vCPU may have left in them. IMPACT ====== A malicious domain may be able to leverage this to obtain sensitive information such as cryptographic keys from another domain. VULNERABLE SYSTEMS ================== Xen 4.0 and onwards are vulnerable when run on systems with processors supporting AVX and/or LWP. Any kind of guest can exploit the vulnerability. In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default; therefore systems running these versions are not vulnerable unless support is explicitly enabled using the "xsave" hypervisor command line option. Systems using processors supporting neither AVX nor LWP are not vulnerable. Xen 3.x and earlier are not vulnerable. MITIGATION ========== Turning off XSAVE support via the "no-xsave" hypervisor command line option will avoid the vulnerability. CREDITS ======= Jan Beulich discovered this issue. RESOLUTION ========== Applying the attached patch resolves this issue. xsa62.patch Xen 4.2.x, 4.3.x, and unstable xsa62-4.1.patch Xen 4.1.x $ sha256sum xsa62*.patch 3cec8ec26552f2142c044422f1bc0f77892e681d789d1f360ecc06e1d714b6bb xsa62-4.1.patch 364577f317a714099c068eb1ab771643ada99b5067fdd1eb5149fa5db649b856 xsa62.patch
openSUSE-SU-2013:1636-1: An update that solves 5 vulnerabilities and has 6 fixes is now available. Category: security (moderate) Bug References: 828623,833251,833796,834751,839596,839600,840196,840592,841766,842511,845520 CVE References: CVE-2013-1442,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4416 Sources used: openSUSE 12.2 (src): xen-4.1.6_01-5.33.1
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU Products: SLE-DEBUGINFO 11-SP2 (i386, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, x86_64) SLE-SERVER 11-SP2 (i386, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
released
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU Products: SLE-DEBUGINFO 11-SP3 (i386, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, x86_64) SLE-SERVER 11-SP3 (i386, x86_64)
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-libs, xen-tools, xen-tools-domU Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
openSUSE-SU-2013:1953-1: An update that solves 9 vulnerabilities and has 9 fixes is now available. Category: security (moderate) Bug References: 828623,833251,833483,833796,834751,835896,836239,839596,839600,840196,840592,841766,842511,842512,842513,842514,842515,845520 CVE References: CVE-2013-1442,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4369,CVE-2013-4370,CVE-2013-4371,CVE-2013-4375,CVE-2013-4416 Sources used: openSUSE 12.3 (src): xen-4.2.3_01-1.22.4
Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU Products: SLE-DEBUGINFO 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1-LTSS (i386, x86_64)
SUSE-SU-2014:0446-1: An update that fixes 47 vulnerabilities is now available. Category: security (important) Bug References: 777628,777890,779212,786516,786517,786519,786520,787163,789944,789945,789948,789950,789951,794316,797031,797523,800275,805094,813673,813675,813677,816156,816159,816163,819416,820917,820919,823011,823608,826882,831120,839596,839618,840592,841766,842511,848657,849667,849668,853049,860163 CVE References: CVE-2006-1056,CVE-2007-0998,CVE-2012-3497,CVE-2012-4411,CVE-2012-4535,CVE-2012-4537,CVE-2012-4538,CVE-2012-4539,CVE-2012-4544,CVE-2012-5510,CVE-2012-5511,CVE-2012-5513,CVE-2012-5514,CVE-2012-5515,CVE-2012-5634,CVE-2012-6075,CVE-2012-6333,CVE-2013-0153,CVE-2013-0154,CVE-2013-1432,CVE-2013-1442,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1920,CVE-2013-1952,CVE-2013-1964,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-2211,CVE-2013-2212,CVE-2013-4329,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4494,CVE-2013-4553,CVE-2013-4554,CVE-2013-6885,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894 Sources used: SUSE Linux Enterprise Server 11 SP1 LTSS (src): xen-4.0.3_21548_16-0.5.1