OVMSA-2017-0009 - xen security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2017-01-12 |
Description
[4.1.3-25.el5.223.49]
- From: Jan Beulich
Subject: x86: force EFLAGS.IF on when exiting to PV guests
Guest kernels modifying instructions in the process of being emulated
for another of their vCPU-s may effect EFLAGS.IF to be cleared upon
next exiting to guest context, by converting the being emulated
instruction to CLI (at the right point in time). Prevent any such bad
effects by always forcing EFLAGS.IF on. And to cover hypothetical other
similar issues, also force EFLAGS.{IOPL,NT,VM} to zero.
This is XSA-202.
Signed-off-by: Jan Beulich
Conflict:
xen/arch/x86/x86_64/compat/entry.S
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 25235039] {CVE-2016-10024}
[4.1.3-25.el5.223.48]
- From 4d246723a85a03406e4969a260291e11b8e05960 Mon Sep 17 00:00:00 2001
x86: use MOV instead of PUSH/POP when saving/restoring register state
Signed-off-by: Jan Beulich
Acked-by: Keir Fraser
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 25235039] {CVE-2016-10024}
[4.1.3-25.el5.223.47]
- From: Andrew Cooper
Date: Sun, 18 Dec 2016 15:42:59 +0000
Subject: [PATCH] x86/emul: Correct the handling of eflags with SYSCALL
A singlestep #DB is determined by the resulting eflags value from the
execution of SYSCALL, not the original eflags value.
By using the original eflags value, we negate the guest kernels attempt to
protect itself from a privilege escalation by masking TF.
Introduce a tf boolean and have the SYSCALL emulation recalculate it
after the instruction is complete.
This is XSA-204
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
Conflict:
xen/arch/x86/x86_emulate/x86_emulate.c
Backported-by: Zhenzhong Duan
Reviewed-by: Boris Ostrovsky [bug 25294913] {CVE-2016-10013}
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.2 (x86_64) | xen-4.1.3-25.el5.223.49.src.rpm | 20e642f501f33cba11bc10e52cb530cc7f60b1985ea2be18fedb1fc211c58967 | OVMBA-2024-0012 | ovm3_3.2.1_x86_64_patch |
| xen-4.1.3-25.el5.223.49.x86_64.rpm | 10ae88284c51cabc534d6298a04b211f0eb69121115ae7039631275cbca4ab14 | OVMBA-2024-0012 | ovm3_3.2.1_x86_64_patch |
| xen-devel-4.1.3-25.el5.223.49.x86_64.rpm | e21ce2f6b95ee0e139f76fabc81ffe0434e19d063529125f086303fdcaf13dd2 | OVMSA-2019-0048 | ovm3_3.2.1_x86_64_patch |
| xen-tools-4.1.3-25.el5.223.49.x86_64.rpm | 6b809e0a56c1b08b88257e02c7818bae1f140fb3e66f860da147c0ee27b53893 | OVMBA-2024-0012 | ovm3_3.2.1_x86_64_patch |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
