Information

Advisory XSA-63
Public release 2013-09-30 10:04
Updated 2023-12-15 15:35
Version 4
CVE(s) CVE-2013-4355
Title Information leaks through I/O instruction emulation

Files

advisory-63.txt (signed advisory file)
xsa63.patch

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

              Xen Security Advisory CVE-2013-4355 / XSA-63
                                version 4

         Information leaks through I/O instruction emulation

UPDATES IN VERSION 4
====================

Normalize version tag to say "xen-unstable".

ISSUE DESCRIPTION
=================

Insufficient or missing error handling in certain routines dealing
with guest memory reads can lead to uninitialized data on the
hypervisor stack (potentially containing sensitive data from prior
work the hypervisor performed) being copied to guest visible storage.

This allows a malicious HVM guest to craft certain operations (namely,
but not limited to, port or memory mapped I/O writes) involving
physical or virtual addresses that have no actual memory associated
with them, so that hypervisor stack contents are copied into the
destination of the operation, thus becoming visible to the guest.

IMPACT
======

A malicious HVM guest might be able to read sensitive data relating
to other guests.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

Only HVM guests can take advantage of this vulnerability.

MITIGATION
==========

Running only PV guests will avoid this issue.

CREDITS
=======

This issue was discovered by Coverity Scan and diagnosed by Andrew
Cooper & Tim Deegan.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa63.patch        Xen 4.2.x, 4.3.x, and xen-unstable

$ sha256sum xsa63*.patch
32fa93d8ebdfbe85931c52010bf9e561fdae8846462c5b1f2fbc217ca36f3005  xsa63.patch
$
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmV8b+kMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZp1oIAIImYB35uDfm/MnloIJrBCG0RDn2LuU5s4J5tTVn
+rDgec0rIEUCoMhFEIHS3RpPSDKCpS7qALkuljKaghtUP2cYm4R2uEEaK1d4a1Kn
AZM3WXCOmVPjJwcadkxY2PxntjMNe3MuOb9ysM2x+uF/nEpbneVKOcsMETIqnmCa
BgPCJm3ARuPwIzTHYnA5WmPmKY3V7oXEMzz8vza1YotLQAgnFES+4LrBLbqYMqza
a35Ofn9T3YK72e5cZzokPfli+mzDHRmhgN8yypWYqGapNTsPBffJ2oLUV//Q2cG8
OuxY608bgve12SQLlx6Iskawgs/G6Lcz7QDqBtA9ddpOIWI=
=uDak
-----END PGP SIGNATURE-----

Xenproject.org Security Team