Bugzilla – Bug 956408
VUL-0: CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159)
Last modified: 2021-01-21 18:26:16 UTC
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Dec. 8, 2015". When done, reassign the bug to "security-team@suse.de". /update/121035/.
bugbot adjusting priority
The following CVEs were assigned to this issue: CVE-2015-8339, CVE-2015-8340
QA: Seems not easy to reproduce or to regression test.
is public

Xen Security Advisory CVE-2015-8339,CVE-2015-8340 / XSA-159
version 4

XENMEM_exchange error handling issues

UPDATES IN VERSION 4
====================

Public release.

ISSUE DESCRIPTION
=================

Error handling in the operation may involve handing back pages to the domain. This operation may fail when in parallel the domain gets torn down. So far this failure unconditionally resulted in the host being brought down due to an internal error being assumed. This is CVE-2015-8339.

Furthermore error handling so far wrongly included the release of a lock. That lock, however, was either not acquired or already released on all paths leading to the error handling sequence. This is CVE-2015-8340.

IMPACT
======

A malicious guest administrator may be able to deny service by crashing the host or causing a deadlock.

VULNERABLE SYSTEMS
==================

All Xen versions from at least 3.2 onwards are vulnerable. Older versions have not been inspected.

MITIGATION
==========

The vulnerability can be avoided if the guest kernel is controlled by the host rather than guest administrator, provided that further steps are taken to prevent the guest administrator from loading code into the kernel (e.g. by disabling loadable modules etc) or from using other mechanisms which allow them to run code at kernel privilege.

In Xen HVM, controlling the guest's kernel would involve locking down the bootloader.

CREDITS
=======

This issue was discovered by Julien Grall of Citrix and Jan Beulich of SUSE.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa159.patch        xen-unstable, Xen 4.6.x, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x

$ sha256sum xsa159*
05c35871c1430e9cfdbee049411b23fca6c64c5bc9f112d7508afe5cbd289cef  xsa159.patch
$

SUSE-SU-2015:2306-1: An update that fixes 10 vulnerabilities is now available.
Category: security (moderate)
Bug References: 950703,950704,950705,950706,951845,953527,954405,956408,956411,956832
CVE References: CVE-2015-5307,CVE-2015-7504,CVE-2015-7969,CVE-2015-7970,CVE-2015-7971,CVE-2015-7972,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src): xen-4.1.6_08-23.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src): xen-4.1.6_08-23.1

SUSE-SU-2015:2324-1: An update that fixes 14 vulnerabilities is now available.
Category: security (moderate)
Bug References: 947165,954018,954405,956408,956409,956411,956592,956832
CVE References: CVE-2015-3259,CVE-2015-4106,CVE-2015-5154,CVE-2015-5239,CVE-2015-5307,CVE-2015-6815,CVE-2015-7311,CVE-2015-7504,CVE-2015-7835,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8341,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): xen-4.5.2_02-4.1
SUSE Linux Enterprise Server 12-SP1 (src): xen-4.5.2_02-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src): xen-4.5.2_02-4.1

SUSE-SU-2015:2326-1: An update that solves 12 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 947165,950703,950704,950705,950706,951845,954018,954405,956408,956409,956411,956592,956832
CVE References: CVE-2015-5307,CVE-2015-7311,CVE-2015-7504,CVE-2015-7969,CVE-2015-7970,CVE-2015-7971,CVE-2015-7972,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8341,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src): xen-4.2.5_18-21.1
SUSE Linux Enterprise Server 11-SP3 (src): xen-4.2.5_18-21.1
SUSE Linux Enterprise Desktop 11-SP3 (src): xen-4.2.5_18-21.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_18-21.1

SUSE-SU-2015:2328-1: An update that fixes 13 vulnerabilities is now available.
Category: security (moderate)
Bug References: 947165,950703,950704,950705,950706,951845,954018,954405,956408,956409,956411,956592,956832
CVE References: CVE-2015-5307,CVE-2015-7311,CVE-2015-7504,CVE-2015-7835,CVE-2015-7969,CVE-2015-7970,CVE-2015-7971,CVE-2015-7972,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8341,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.3_06-22.15.1
SUSE Linux Enterprise Server 12 (src): xen-4.4.3_06-22.15.1
SUSE Linux Enterprise Desktop 12 (src): xen-4.4.3_06-22.15.1

released
SUSE-SU-2015:2338-1: An update that solves 13 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 947165,950703,950704,950705,950706,951845,954018,954405,955399,956408,956409,956411,956592,956832
CVE References: CVE-2015-5307,CVE-2015-7311,CVE-2015-7504,CVE-2015-7835,CVE-2015-7969,CVE-2015-7970,CVE-2015-7971,CVE-2015-7972,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8341,CVE-2015-8345
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xen-4.4.3_06-29.1
SUSE Linux Enterprise Server 11-SP4 (src): xen-4.4.3_06-29.1
SUSE Linux Enterprise Desktop 11-SP4 (src): xen-4.4.3_06-29.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): xen-4.4.3_06-29.1

openSUSE-SU-2016:0123-1: An update that fixes 14 vulnerabilities is now available.
Category: security (important)
Bug References: 954018,956408,956409,956411,956592,956832,957988,958007,958009,958493,958523,958918,959006,959387
CVE References: CVE-2015-5307,CVE-2015-7504,CVE-2015-7549,CVE-2015-8339,CVE-2015-8340,CVE-2015-8341,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568
Sources used:
openSUSE 13.2 (src): xen-4.4.3_08-36.1

openSUSE-SU-2016:0124-1: An update that solves 15 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 947165,950704,954018,954405,956408,956409,956411,956592,956832,957988,958007,958009,958493,958523,958918,959006
CVE References: CVE-2015-5307,CVE-2015-7311,CVE-2015-7504,CVE-2015-7549,CVE-2015-7970,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8341,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558
Sources used:
openSUSE 13.1 (src): xen-4.3.4_10-53.1

openSUSE-SU-2016:0126-1: An update that fixes 14 vulnerabilities is now available.
Category: security (important)
Bug References: 954018,956408,956409,956411,956592,956832,957988,958007,958009,958493,958523,958918,959006,959387
CVE References: CVE-2015-5307,CVE-2015-7504,CVE-2015-7549,CVE-2015-8339,CVE-2015-8340,CVE-2015-8341,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568
Sources used:
openSUSE Leap 42.1 (src): xen-4.5.2_04-9.2

An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2016-01-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62448
SUSE-SU-2016:0658-1: An update that fixes 13 vulnerabilities is now available.
Category: security (important)
Bug References: 877642,932267,944463,950706,953527,954405,956408,956411,957988,958009,958493,958523,962360
CVE References: CVE-2014-0222,CVE-2015-4037,CVE-2015-5239,CVE-2015-5307,CVE-2015-7504,CVE-2015-7512,CVE-2015-7971,CVE-2015-8104,CVE-2015-8339,CVE-2015-8340,CVE-2015-8504,CVE-2015-8550,CVE-2015-8555
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): xen-3.2.3_17040_46-0.23.2