840592 – (CVE-2013-4355) VUL-0: CVE-2013-4355: XSA-63: xen: Information leaks through I/O instruction emulation

Bug 840592 (CVE-2013-4355) - VUL-0: CVE-2013-4355: XSA-63: xen: Information leaks through I/O instruction emulation

Summary: VUL-0: CVE-2013-4355: XSA-63: xen: Information leaks through I/O instruction ...

Status:	RESOLVED FIXED

Alias:	CVE-2013-4355

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2013-11-11
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp2:54870 maint:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-09-16 14:24 UTC by Alexander Bergmann
Modified:	2019-08-16 16:43 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 2 Swamp Workflow Management 2013-09-16 22:00:34 UTC

bugbot adjusting priority

Comment 4 Marcus Meissner 2013-10-01 07:35:16 UTC

public now

              Xen Security Advisory CVE-2013-4355 / XSA-63
                             version 3

         Information leaks through I/O instruction emulation

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

Insufficient or missing error handling in certain routines dealing
with guest memory reads can lead to uninitialized data on the
hypervisor stack (potentially containing sensitive data from prior
work the hypervisor performed) being copied to guest visible storage.

This allows a malicious HVM guest to craft certain operations (namely,
but not limited to, port or memory mapped I/O writes) involving
physical or virtual addresses that have no actual memory associated
with them, so that hypervisor stack contents are copied into the
destination of the operation, thus becoming visible to the guest.

IMPACT
======

A malicious HVM guest might be able to read sensitive data relating
to other guests.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

Only HVM guests can take advantage of this vulnerability.

MITIGATION
==========

Running only PV guests will avoid this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper & Tim Deegan.

Comment 5 Swamp Workflow Management 2013-10-26 08:14:51 UTC

The SWAMPID for this issue is 54856.
This issue was rated as moderate.
Please submit fixed packages until 2013-11-11.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 9 Swamp Workflow Management 2013-11-07 11:06:54 UTC

openSUSE-SU-2013:1636-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 828623,833251,833796,834751,839596,839600,840196,840592,841766,842511,845520
CVE References: CVE-2013-1442,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4416
Sources used:
openSUSE 12.2 (src):    xen-4.1.6_01-5.33.1

Comment 10 Swamp Workflow Management 2013-11-19 13:05:19 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)

Comment 11 Marcus Meissner 2013-11-27 10:28:01 UTC

released

Comment 12 Swamp Workflow Management 2013-11-27 13:03:55 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, x86_64)

Comment 13 Swamp Workflow Management 2013-11-29 15:04:49 UTC

Update released for: xen, xen-debuginfo, xen-devel, xen-doc-html, xen-doc-pdf, xen-doc-ps, xen-kmp-debug, xen-kmp-default, xen-kmp-kdump, xen-kmp-pae, xen-kmp-smp, xen-kmp-trace, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU, xen-tools-ioemu
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)

Comment 14 Swamp Workflow Management 2013-11-29 16:05:24 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-libs, xen-tools, xen-tools-domU
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)

Comment 15 Swamp Workflow Management 2014-03-20 08:48:34 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-doc-ps, xen-kmp-bigsmp, xen-kmp-debug, xen-kmp-default, xen-kmp-kdump, xen-kmp-kdumppae, xen-kmp-pae, xen-kmp-smp, xen-kmp-trace, xen-kmp-vmi, xen-kmp-vmipae, xen-libs, xen-libs-32bit, xen-libs-x86, xen-tools, xen-tools-domU, xen-tools-ioemu
Products:
SLE-DEBUGINFO 10-SP4 (i386, x86_64)
SLE-SERVER 10-SP4-LTSS (i386, x86_64)

Comment 16 Swamp Workflow Management 2014-03-20 12:05:06 UTC

SUSE-SU-2014:0411-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 787163,813673,813677,823011,840592,842511,848657,849668,853049
CVE References: CVE-2012-4544,CVE-2013-1917,CVE-2013-1920,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-4355,CVE-2013-4368,CVE-2013-4494,CVE-2013-4554,CVE-2013-6885
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    xen-3.2.3_17040_46-0.7.1

Comment 17 Swamp Workflow Management 2014-03-25 18:48:45 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-kmp-debug, xen-kmp-default, xen-kmp-pae, xen-kmp-trace, xen-kmp-vmi, xen-libs, xen-libs-32bit, xen-tools, xen-tools-domU
Products:
SLE-DEBUGINFO 11-SP1 (i386, x86_64)
SLE-SERVER 11-SP1-LTSS (i386, x86_64)

Comment 18 Swamp Workflow Management 2014-03-25 22:10:14 UTC

SUSE-SU-2014:0446-1: An update that fixes 47 vulnerabilities is now available.

Category: security (important)
Bug References: 777628,777890,779212,786516,786517,786519,786520,787163,789944,789945,789948,789950,789951,794316,797031,797523,800275,805094,813673,813675,813677,816156,816159,816163,819416,820917,820919,823011,823608,826882,831120,839596,839618,840592,841766,842511,848657,849667,849668,853049,860163
CVE References: CVE-2006-1056,CVE-2007-0998,CVE-2012-3497,CVE-2012-4411,CVE-2012-4535,CVE-2012-4537,CVE-2012-4538,CVE-2012-4539,CVE-2012-4544,CVE-2012-5510,CVE-2012-5511,CVE-2012-5513,CVE-2012-5514,CVE-2012-5515,CVE-2012-5634,CVE-2012-6075,CVE-2012-6333,CVE-2013-0153,CVE-2013-0154,CVE-2013-1432,CVE-2013-1442,CVE-2013-1917,CVE-2013-1918,CVE-2013-1919,CVE-2013-1920,CVE-2013-1952,CVE-2013-1964,CVE-2013-2072,CVE-2013-2076,CVE-2013-2077,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-2211,CVE-2013-2212,CVE-2013-4329,CVE-2013-4355,CVE-2013-4361,CVE-2013-4368,CVE-2013-4494,CVE-2013-4553,CVE-2013-4554,CVE-2013-6885,CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    xen-4.0.3_21548_16-0.5.1

Comment 19 Swamp Workflow Management 2014-04-01 14:55:08 UTC

Update released for: xen, xen-debuginfo, xen-debugsource, xen-devel, xen-doc-html, xen-doc-pdf, xen-doc-ps, xen-kmp-bigsmp, xen-kmp-debug, xen-kmp-default, xen-kmp-kdump, xen-kmp-kdumppae, xen-kmp-pae, xen-kmp-smp, xen-kmp-trace, xen-kmp-vmi, xen-kmp-vmipae, xen-libs, xen-libs-32bit, xen-libs-x86, xen-tools, xen-tools-domU, xen-tools-ioemu
Products:
SLE-DEBUGINFO 10-SP3 (i386, x86_64)
SLE-SERVER 10-SP3-LTSS (i386, x86_64)

Comment 20 Swamp Workflow Management 2014-04-01 18:05:59 UTC

SUSE-SU-2014:0470-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 786516,786517,787163,789950,789951,813673,813677,823011,840592,842511,848657,849668,853049
CVE References: CVE-2012-4535,CVE-2012-4537,CVE-2012-4544,CVE-2012-5513,CVE-2012-5515,CVE-2013-1917,CVE-2013-1920,CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-4355,CVE-2013-4368,CVE-2013-4494,CVE-2013-4554,CVE-2013-6885
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    xen-3.2.3_17040_28-0.6.21.3