OVMSA-2016-0172

OVMSA-2016-0172 - xen security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2016-12-07

Description


[4.1.3-25.el5.223.45]
- qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
On x86, ioport addresses are 16-bit. That these functions take 32-bit
arguments is a mistake. Changing the argument type to 16-bit will
discard the top bits of any erroneous values from elsewhere in qemu.
Also, check just before use that the value is in range. (This turns
an ill-advised change to MAX_IOPORTS into a possible guest crash
rather than a privilege escalation vulnerability.)
And, in the Xen ioreq processor, clamp incoming ioport addresses to
16-bit values. Xen will never write >16-bit values but the guest may
have access to the ioreq ring. We want to defend the rest of the qemu
code from wrong values.
This is XSA-199.
Signed-off-by: Ian Jackson
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 25149333] {CVE-2016-9637}


Related CVEs


CVE-2016-9637

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle VM 3.2 (x86_64) xen-4.1.3-25.el5.223.45.src.rpm812bdff8e9b8975fbe4066387576bde70dc3a227f5200cc4ab645480a7a88998OVMBA-2024-0012ovm3_3.2.1_x86_64_patch
xen-4.1.3-25.el5.223.45.x86_64.rpm5250f28d9309e97a735f048e196b5b89774165a6027c0e796d33a82af20dc22eOVMBA-2024-0012ovm3_3.2.1_x86_64_patch
xen-devel-4.1.3-25.el5.223.45.x86_64.rpm66624a12de5200ea5ed0ca8a909bb22ca609cd0f3c2851020cefe1b56b56635aOVMSA-2019-0048ovm3_3.2.1_x86_64_patch
xen-tools-4.1.3-25.el5.223.45.x86_64.rpm494d3f1ea3dee2b6dbd38ca7c65318400728705b69690a0ca8513f9f269c049dOVMBA-2024-0012ovm3_3.2.1_x86_64_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete