-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2014-3672 / XSA-180 version 2 Unrestricted qemu logging UPDATES IN VERSION 2 ==================== Normalize version tags. ISSUE DESCRIPTION ================= When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen. This output is not rate-limited in any way. The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large. IMPACT ====== The disk containing the logfile can be exausted, possibly causing a denial-of-service (DoS). VULNERABLE SYSTEMS ================== All versions of Xen are affected. Only x86 systems are affected; ARM systems are not affected. Only systems running HVM guests are affected; systems running only PV guests are not affected. Both qemu-upstream and qemu-traditional are affected. MITIGATION ========== Running only PV guests will avoid this vulnerability. CREDITS ======= This issue was discovered by Andrew Sorensen of leviathansecurity.com. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. The patches adopt a simple and rather crude approach which is effective at resolving the security issue in the context of a Xen device model. They may not be appropriate for adoption upstream or in other contexts. xsa180-qemut.patch qemu-xen-traditional (all supported versions) xsa180-qemuu.patch qemu-xen master $ sha256sum xsa180* 7733fd57868c4313c7c47ccde3aba21e9ed5002ee8a937b20997fb3d2282a5d7 xsa180-qemut.patch 7a92bbd3b6368f91e694400c8e850567972e14852e4f61fbb61cc3b7b98f14ef xsa180-qemuu.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmV8b/IMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZCDkH/j6mf9xGcnIhfDhuyR1Ln63iWXj7/G3GTJH5poGY iJHurRYdA5ShJSOOYjOPw/B94llP01v3fXYl8860warrzG4Lg7daIwU0fqVypf3b e74J5TA89pq6xrALIjExPKCEh3TouXcFG+5IoIDmXdEEYX9AQ1ommMHY0/aUzr1A bUt4UlG569qgQl2yYpkziI/07hbYy9MPmiKtenFBDk8PwQwUo7mfnBxzpnnph/QZ wUVsqSIaK4NRIJURwGcjSM5hEQCwGuLpdZVY88lsIdy83HEFmFUS/OEJvx2XV8j9 q48IgXxgzdwvxDgjMAptr8qCq9GgMtbW+4cIP5uPGmvLrKU= =Qnfn -----END PGP SIGNATURE-----