OVMSA-2017-0008

OVMSA-2017-0008 - xen security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2017-01-12

Description


[4.3.0-55.el6.119.65]
- From: Andrew Cooper
Date: Sun, 18 Dec 2016 15:42:59 +0000
Subject: [PATCH] x86/emul: Correct the handling of eflags with SYSCALL
A singlestep #DB is determined by the resulting eflags value from the
execution of SYSCALL, not the original eflags value.
By using the original eflags value, we negate the guest kernel's attempt to
protect itself from a privilege escalation by masking TF.
Introduce a tf boolean and have the SYSCALL emulation recalculate it
after the instruction is complete.
This is XSA-204
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
Backported-by: Zhenzhong Duan [bug 25294894]
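
The XSA-204 fix described in the entry above, as an added illustration in C (not Xen's emulator code and not part of the original advisory): a simplified model of long-mode SYSCALL flag handling that compares deciding the single-step #DB from the original flags with deciding it from the resulting flags. The struct, the function names and the sfmask field (standing in for the guest kernel's SYSCALL flag-mask MSR) are assumptions made for the example.

```c
/* Simplified model (an assumption, not Xen's emulator): long-mode SYSCALL
 * saves the flags in R11, then clears every bit set in the kernel's mask. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EFLG_TF (1u << 8)   /* trap flag: single-step */
#define EFLG_IF (1u << 9)   /* interrupt enable flag */

struct vcpu_model {         /* hypothetical minimal register state */
    uint64_t rflags;
    uint64_t r11;
    uint64_t sfmask;        /* stands in for the SYSCALL flag-mask MSR */
};

static void syscall_update_flags(struct vcpu_model *v)
{
    v->r11 = v->rflags;             /* user-mode flags preserved for return */
    v->rflags &= ~v->sfmask;        /* kernel entry runs with masked flags */
}

/* Before the fix: #DB decision latched from the ORIGINAL flags. */
static bool emulate_syscall_original(struct vcpu_model *v)
{
    bool tf = (v->rflags & EFLG_TF) != 0;
    syscall_update_flags(v);
    return tf;                      /* true => single-step #DB is raised */
}

/* After the fix: tf recalculated from the RESULTING flags. */
static bool emulate_syscall_patched(struct vcpu_model *v)
{
    syscall_update_flags(v);
    return (v->rflags & EFLG_TF) != 0;
}

int main(void)
{
    /* Constructed input: user code sets TF, kernel masks TF and IF. */
    struct vcpu_model a = { EFLG_TF | EFLG_IF | 0x2, 0, EFLG_TF | EFLG_IF };
    struct vcpu_model b = a;

    printf("original: #DB=%d\n", emulate_syscall_original(&a));
    printf("patched:  #DB=%d\n", emulate_syscall_patched(&b));
    printf("R11 keeps user TF: %d\n", (b.r11 & EFLG_TF) != 0);
    return 0;
}
```

With the constructed input, the original logic still reports a single-step trap on kernel entry even though the kernel masked TF, while the patched logic does not; the user-mode TF remains recorded in R11.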

[4.3.0-55.el6.119.64]
- From: Jan Beulich
Subject: x86: force EFLAGS.IF on when exiting to PV guests
Guest kernels modifying instructions in the process of being emulated
for another of their vCPU-s may effect EFLAGS.IF to be cleared upon
next exiting to guest context, by converting the being emulated
instruction to CLI (at the right point in time). Prevent any such bad
effects by always forcing EFLAGS.IF on. And to cover hypothetical other
similar issues, also force EFLAGS.{IOPL,NT,VM} to zero.
This is XSA-202.
Signed-off-by: Jan Beulich
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 25235035]


Related CVEs


CVE-2016-10024
CVE-2016-10013

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle VM 3.3 (x86_64) | xen-4.3.0-55.el6.119.65.src.rpm | ed8c78db2d1d86459785987a9e487a17bd88f96580945350a35737c28839554c | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |
| | xen-4.3.0-55.el6.119.65.x86_64.rpm | 25771ceb83c0444794a12aaac29eaeb787c7fd13b6db1057a8ea2e3a07ea2e88 | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |
| | xen-tools-4.3.0-55.el6.119.65.x86_64.rpm | 15563f929b1ce65faf62eb341987abf5734892813557752632238d0d8c73004a | OVMBA-2024-0012 | ovm3_x86_64_3.3_patch |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
