Ubuntu
xen package

CVE-2016-2270 / XSA-154

Bug #1564909 reported by Philipp Hahn on 2016-04-01

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	xen (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

<http://xenbits.xen.org/xsa/advisory-154.html> seems to be unfixed in xen-4.1.6.1
x86: inconsistent cachability flags on guest mappings

Tags:

CVE References

Revision history for this message

Philipp Hahn (pmhahn) wrote on 2016-04-01:

#1

x86: enforce consistent cachability of MMIO mappings Edit (12.8 KiB, text/plain)

Revision history for this message

Philipp Hahn (pmhahn) wrote on 2016-04-01:

#2

x86: make get_page_from_l1e() return a proper error code Edit (8.3 KiB, text/plain)

backport be640b1

Revision history for this message

Philipp Hahn (pmhahn) wrote on 2016-04-01:

#3

x86: make mod_l1_entry() return a proper error code Edit (4.3 KiB, text/plain)

backport 541ce47

Revision history for this message

Philipp Hahn (pmhahn) wrote on 2016-04-01:

#4

x86: make mod_l2_entry() return a proper error code Edit (7.1 KiB, text/plain)

backport 7f107ea

Revision history for this message

Philipp Hahn (pmhahn) wrote on 2016-04-01:

#5

x86/mm: fix mod_l1_entry() return value when encountering r/o MMIO page Edit (1.5 KiB, text/plain)

backport 70622118ee7bb925205c5d8c1e7bec82fc257351

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2016-04-08:

#6

This was fixed by the following update:

xen (4.1.6.1-0ubuntu0.12.04.10) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-2270 / XSA-154
      * x86: make get_page_from_l1e() return a proper error code
      * x86: make mod_l1_entry() return a proper error code
      * x86/mm: fix mod_l1_entry() return value when encountering r/o MMIO
        page
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

-- Stefan Bader <email address hidden> Thu, 25 Feb 2016 09:25:57 +0100

information type:	Private Security → Public Security
Changed in xen (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.