Bugzilla – Bug 922709
VUL-0: CVE-2015-2751: xen: XSA-127: Certain domctl operations may be abused to lock up the host
Last modified: 2016-04-27 19:36:11 UTC
Checked versions: SLE 10 SP3: 3.2.3 not affected. SLE 11 SP1: 4.0.3 not affected. SLE 11 SP3: 4.2.5 not affected. SLE 12 GA: 4.4.1 affected.
bugbot adjusting priority
public now
Hash: SHA1

Xen Security Advisory CVE-2015-2751 / XSA-127
version 2

Certain domctl operations may be abused to lock up the host

UPDATES IN VERSION 2
====================

CVE assigned.

Public release.

ISSUE DESCRIPTION
=================

XSA-77 put the majority of the domctl operations on a list excepting them from having security advisories issued for them if any effects their use might have could hamper security. Subsequently some of them got declared disaggregation safe, but for a small subset this was not really correct: Their (mis-)use may result in host lockups.

As a result, the potential security benefits of toolstack disaggregation are not always fully realised.

IMPACT
======

Domains deliberately given partial management control may be able to deny service to the entire host.

As a result, in a system designed to enhance security by radically disaggregating the management, the security may be reduced. But, the security will be no worse than a non-disaggregated design.

VULNERABLE SYSTEMS
==================

Xen versions 4.3 onwards are vulnerable.

Xen versions 4.2 and earlier do not have the described disaggregation functionality and hence are not vulnerable.

MITIGATION
==========

The issues discussed in this advisory are themselves bugs in features used for a security risk mitigation.

There is no further mitigation available, beyond general measures to try to avoid parts of the system management becoming controlled by attackers. Those are the kind of measures which we expect any users of radical disaggregation to have already deployed.

Switching from disaggregated to a non-disaggregated operation does NOT mitigate these vulnerabilities. Rather, it simply recategorises the vulnerability to hostile management code, regarding it "as designed"; thus it merely reclassifies these issues as "not a bug".

Users and vendors of disaggregated systems should not change their configuration. The robustness benefits of disaggregation are unaffected, and (depending on system design) security benefits are likely to remain despite the vulnerabilities.

CREDITS
=======

This issue was discovered by Andrew Cooper of Citrix.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa127-unstable.patch    xen-unstable
xsa127-4.x.patch         Xen 4.5.x, Xen 4.4.x, Xen 4.3.x

$ sha256sum xsa127*.patch
5b98280738a205c40f56d0a7feb6ea6cd867da7ac1e0d9f4fc4620bae2c09171  xsa127.patch
e5fd3c126ae10fe45283e6eb1a4216b75057f1772d869d2b3a26398b0984c7bd  xsa127-4.x.patch
$
Submitted. SLE-12: MR#53894
SUSE-SU-2015:0701-1: An update that solves three vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 921842,922705,922706,922709,923758
CVE References: CVE-2015-2751,CVE-2015-2752,CVE-2015-2756
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.2_02-15.1
SUSE Linux Enterprise Server 12 (src): xen-4.4.2_02-15.1
SUSE Linux Enterprise Desktop 12 (src): xen-4.4.2_02-15.1

SUSE-SU-2015:0923-1: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 922705,922709,927967,929339
CVE References: CVE-2015-2751,CVE-2015-2752,CVE-2015-3340,CVE-2015-3456
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.2_04-18.1
SUSE Linux Enterprise Server 12 (src): xen-4.4.2_04-18.1
SUSE Linux Enterprise Desktop 12 (src): xen-4.4.2_04-18.1
released
openSUSE-SU-2015:1092-1: An update that solves 17 vulnerabilities and has 10 fixes is now available.
Category: security (important)
Bug References: 861318,882089,895528,901488,903680,906689,910254,912011,918995,918998,919098,919464,919663,921842,922705,922706,922709,923758,927967,929339,931625,931626,931627,931628,932770,932790,932996
CVE References: CVE-2014-3615,CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2152,CVE-2015-2751,CVE-2015-2752,CVE-2015-2756,CVE-2015-3209,CVE-2015-3340,CVE-2015-3456,CVE-2015-4103,CVE-2015-4104,CVE-2015-4105,CVE-2015-4106,CVE-2015-4163,CVE-2015-4164
Sources used:
openSUSE 13.2 (src): xen-4.4.2_06-23.1

openSUSE-SU-2015:1094-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 922709,931625,931626,931627,931628,932770,932790,932996
CVE References: CVE-2015-2751,CVE-2015-3209,CVE-2015-4103,CVE-2015-4104,CVE-2015-4105,CVE-2015-4106,CVE-2015-4163,CVE-2015-4164
Sources used:
openSUSE 13.1 (src): xen-4.3.4_05-47.1

SUSE-SU-2015:1479-1: An update that fixes 6 vulnerabilities is now available.
Category: security (important)
Bug References: 922709,932996,935634,938344,939709,939712
CVE References: CVE-2015-2751,CVE-2015-3259,CVE-2015-4164,CVE-2015-5154,CVE-2015-5165,CVE-2015-5166
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src): xen-4.2.5_12-15.1
SUSE Linux Enterprise Server 11-SP3 (src): xen-4.2.5_12-15.1
SUSE Linux Enterprise Desktop 11-SP3 (src): xen-4.2.5_12-15.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_12-15.1

SUSE-SU-2015:1479-2: An update that fixes 6 vulnerabilities is now available.
Category: security (important)
Bug References: 922709,932996,935634,938344,939709,939712
CVE References: CVE-2015-2751,CVE-2015-3259,CVE-2015-4164,CVE-2015-5154,CVE-2015-5165,CVE-2015-5166
Sources used:
SUSE Linux Enterprise Desktop 11-SP3 (src): xen-4.2.5_12-15.1