Bug 919464 - (CVE-2015-2151) VUL-0: CVE-2015-2151: xen: XSA-123: Hypervisor memory corruption due to x86 emulator flaw
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
maint:released:sle10-sp3:61379 maint:...
Reported: 2015-02-25 11:57 UTC by Johannes Segitz
Modified: 2015-12-08 16:18 UTC

Comment 1 Johannes Segitz 2015-02-25 11:58:17 UTC
Created attachment 624469
xen-unstable, Xen 4.5.x, Xen 4.4.x
Comment 2 Johannes Segitz 2015-02-25 11:59:05 UTC
If possible I would like to include that into the running update
MaintenanceTracker-60766
Comment 3 Swamp Workflow Management 2015-02-26 23:00:28 UTC
bugbot adjusting priority
Comment 4 Johannes Segitz 2015-03-04 08:55:35 UTC
CVE was assigned: CVE-2015-2151
Comment 5 Charles Arnold 2015-03-06 23:24:36 UTC
SLE12: MR#52782
SLE11-SP3: SR#52784
SLE11-SP2: SR#52786
SLE11-SP1: SR#52788
SLE11-SP1-Teradata: SR#52790
SLE10-SP4: SR#52792
SLE10-SP3: SR#52794
Comment 6 Johannes Segitz 2015-03-10 12:29:54 UTC
is public
Comment 7 Swamp Workflow Management 2015-03-27 09:08:02 UTC
SUSE-SU-2015:0613-1: An update that solves 8 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 861318,882089,895528,901488,903680,904255,906996,910254,910681,912011,918995,918998,919098,919464,919663
CVE References: CVE-2014-3615,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361,CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2152
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    xen-4.4.1_10-9.1
SUSE Linux Enterprise Server 12 (src):    xen-4.4.1_10-9.1
SUSE Linux Enterprise Desktop 12 (src):    xen-4.4.1_10-9.1
Comment 8 Andreas Stieger 2015-03-27 14:05:15 UTC
            Xen Security Advisory CVE-2015-2151 / XSA-123
                              version 4

         Hypervisor memory corruption due to x86 emulator flaw

UPDATES IN VERSION 4
====================

Public release.

ISSUE DESCRIPTION
=================

Instructions with register operands ignore eventual segment overrides
encoded for them. Due to an insufficiently conditional assignment such
a bogus segment override can, however, corrupt a pointer used
subsequently to store the result of the instruction.

IMPACT
======

A malicious guest might be able to read sensitive data relating to
other guests, or to cause denial of service on the host. Arbitrary code
execution, and therefore privilege escalation, cannot be excluded.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

MITIGATION
==========

There is no mitigation available for this issue.

CREDITS
=======

This issue was discovered by Felix Wilhelm of ERNW GmbH.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa123.patch                 xen-unstable, Xen 4.5.x, Xen 4.4.x
xsa123-4.3-4.2.patch         Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa123*.patch
e6da3a2c35b50e163b15100ef28a48dca429160104f346fc82be4711fe60f64f  xsa123-4.3-4.2.patch
994cf1487ec5c455fce4877168901e03283f0002062dcff8895a17ca30e010df  xsa123.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
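
The flaw class named in the ISSUE DESCRIPTION above, as an added C model that is not Xen source and not part of the advisory or this bug's attachments. It assumes an operand descriptor whose register pointer and memory segment/offset share a union; every name in it is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not Xen source: an operand is either a register
 * (pointer into the register file) or memory (segment + offset). */
enum op_type { OP_REG, OP_MEM };
enum seg { SEG_NONE = -1, SEG_ES, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS };

struct operand {
    enum op_type type;
    union {
        uint64_t *reg;                              /* valid for OP_REG */
        struct { uint64_t seg; uint64_t off; } mem; /* valid for OP_MEM */
    } u;
};

/* Flawed decode step: the override is stored whatever the operand type,
 * so for OP_REG it overwrites the bytes that hold u.reg. */
static void apply_override_flawed(struct operand *ea, enum seg override)
{
    if (override != SEG_NONE)
        ea->u.mem.seg = (uint64_t)override;
}

/* Hardened decode step: only memory operands have a segment to override. */
static void apply_override_fixed(struct operand *ea, enum seg override)
{
    if (override != SEG_NONE && ea->type == OP_MEM)
        ea->u.mem.seg = (uint64_t)override;
}

/* Returns 1 if the register destination pointer survives decoding intact. */
static int reg_pointer_intact(void (*apply)(struct operand *, enum seg))
{
    uint64_t regs[16] = {0};
    uint64_t *expected = &regs[3];
    struct operand ea = { .type = OP_REG, .u.reg = expected };

    apply(&ea, SEG_GS);   /* segment override decoded for a register operand */
    return memcmp(&ea.u.reg, &expected, sizeof expected) == 0; /* bytes only */
}

int main(void)
{
    printf("flawed: pointer intact = %d\n", reg_pointer_intact(apply_override_flawed));
    printf("fixed:  pointer intact = %d\n", reg_pointer_intact(apply_override_fixed));
    return 0;
}
```

The model only compares the stored pointer bytes and never writes through the damaged pointer; in an emulator, the later result store is where the corruption would take effect.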
Comment 9 Swamp Workflow Management 2015-04-20 14:06:40 UTC
openSUSE-SU-2015:0732-1: An update that solves 7 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 861318,895528,901488,903680,910254,918995,918998,919098,919464,919663,922705,922706
CVE References: CVE-2014-3615,CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2152,CVE-2015-2752,CVE-2015-2756
Sources used:
openSUSE 13.1 (src):    xen-4.3.4_02-41.1
Comment 10 Swamp Workflow Management 2015-04-21 18:05:30 UTC
SUSE-SU-2015:0744-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 918995,918998,919464,922705
CVE References: CVE-2013-3495,CVE-2014-3615,CVE-2014-5146,CVE-2014-5149,CVE-2014-9065,CVE-2014-9066,CVE-2015-0361,CVE-2015-2044,CVE-2015-2045
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    xen-3.2.3_17040_46-0.13.1
Comment 11 Swamp Workflow Management 2015-04-21 18:06:21 UTC
SUSE-SU-2015:0745-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 918995,918998,919464,922705,922706
CVE References: CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2756
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    xen-4.0.3_21548_18-0.15.1
Comment 12 Swamp Workflow Management 2015-04-21 18:07:40 UTC
SUSE-SU-2015:0746-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 907755,918995,918998,919464,922705,922706
CVE References: CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2756
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    xen-4.1.6_08-0.9.1
Comment 13 Swamp Workflow Management 2015-04-21 18:08:55 UTC
SUSE-SU-2015:0747-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 918995,918998,919341,919464,922705,922706
CVE References: CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2756
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    xen-4.2.5_04-0.9.1
SUSE Linux Enterprise Server 11 SP3 (src):    xen-4.2.5_04-0.9.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    xen-4.2.5_04-0.9.1
Comment 14 Swamp Workflow Management 2015-06-22 10:07:59 UTC
openSUSE-SU-2015:1092-1: An update that solves 17 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 861318,882089,895528,901488,903680,906689,910254,912011,918995,918998,919098,919464,919663,921842,922705,922706,922709,923758,927967,929339,931625,931626,931627,931628,932770,932790,932996
CVE References: CVE-2014-3615,CVE-2015-2044,CVE-2015-2045,CVE-2015-2151,CVE-2015-2152,CVE-2015-2751,CVE-2015-2752,CVE-2015-2756,CVE-2015-3209,CVE-2015-3340,CVE-2015-3456,CVE-2015-4103,CVE-2015-4104,CVE-2015-4105,CVE-2015-4106,CVE-2015-4163,CVE-2015-4164
Sources used:
openSUSE 13.2 (src):    xen-4.4.2_06-23.1
Comment 15 Marcus Meissner 2015-12-08 16:18:08 UTC
released