http://xenbits.xen.org/xsa/advisory-122.html
ISSUE DESCRIPTION
=================
The code handling certain sub-operations of the HYPERVISOR_xen_version
hypercall fails to fully initialize all fields of structures
subsequently copied back to guest memory. Due to this, hypervisor stack
contents are copied into the destination of the operation, thus
becoming visible to the guest.
IMPACT
======
A malicious guest might be able to read sensitive data relating to
other guests.
VULNERABLE SYSTEMS
==================
Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.
MITIGATION
==========
There is no mitigation available for this issue.
CREDITS
=======
This issue was discovered by Aaron Adams of NCC Group.
RESOLUTION
==========
Applying the attached patch resolves this issue.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://xenbits.xen.org/xsa/advisory-121.html
ISSUE DESCRIPTION
=================
Emulation routines in the hypervisor dealing with certain system
devices check whether the access size by the guest is a supported one.
When the access size is unsupported these routines failed to set the
data to be returned to the guest for read accesses, so that hypervisor
stack contents are copied into the destination of the operation, thus
becoming visible to the guest.
IMPACT
======
A malicious HVM guest might be able to read sensitive data relating
to other guests.
VULNERABLE SYSTEMS
==================
Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.
Only HVM guests can take advantage of this vulnerability.
Only x86 systems are vulnerable. ARM systems are not vulnerable.
CREDITS
=======
This issue was discovered by Jan Beulich of SUSE.
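
Both advisories describe the same class of bug: a value that is copied back to the guest without every byte of it having been written first. The C model below is an added example, not Xen code and not the attached patch; `struct reply`, `version_op`, `device_read`, the 0xAA marker, the sample string and the all-ones default are assumptions made for illustration. A pre-filled buffer stands in for the stale stack slot so that the leak is deterministic and can be counted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover stack data */

struct reply { char text[16]; };  /* hypothetical fixed-size reply structure */

/* Count marker bytes that reached the guest-visible buffer. */
static size_t leaked(const unsigned char *guest, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (guest[i] == STALE);
    return n;
}

/* Structure pattern: 'frame' models the stack slot that holds the local reply. */
static size_t version_op(int zero_first, const char *text)
{
    unsigned char frame[sizeof(struct reply)], guest[sizeof(struct reply)];
    struct reply *r = (struct reply *)frame;
    size_t n = strlen(text) + 1;
    memset(frame, STALE, sizeof frame);   /* stale data left by an earlier call */
    if (zero_first)
        memset(r, 0, sizeof *r);          /* hardened: every byte is defined */
    memcpy(r->text, text, n < sizeof r->text ? n : sizeof r->text);
    memcpy(guest, r, sizeof *r);          /* copy-out always covers the whole struct */
    return leaked(guest, sizeof guest);
}

/* Emulation pattern: a device read that supports only 1-byte accesses. */
static uint32_t device_read(int set_default, unsigned size)
{
    uint32_t val;
    memset(&val, STALE, sizeof val);      /* models the stale stack slot */
    if (set_default)
        val = ~(uint32_t)0;               /* hardened: defined value, chosen here */
    if (size == 1)
        val = 0x5a;                       /* supported size: device data */
    return val;                           /* returned to the guest either way */
}

int main(void)
{
    printf("struct: %zu vs %zu bytes\n", version_op(0, "4.4.1"), version_op(1, "4.4.1"));
    printf("read:   %#x vs %#x\n", (unsigned)device_read(0, 4), (unsigned)device_read(1, 4));
    return 0;
}
```

In both functions the hardened path differs only in writing the output before any conditional logic runs, which is the property to look for when reviewing code that copies a structure or a read result back to a less privileged caller.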