Information

AdvisoryXSA-283
Public release 2019-02-22 17:42
Updated 2019-02-22 17:42
Version 2
CVE(s) -
Title Withdrawn Xen Security Advisory number

Files

advisory-283.txt (signed advisory file)
xsa283.patch-withdrawn

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                 Xen Security Advisory XSA-283
                           version 2

              Withdrawn Xen Security Advisory number

SUMMARY
=======

The advisory XSA-283 has been withdrawn.

This is because, on further analysis, we have determined that the
advisory was issued in error: there is no security issue.

UPDATES IN VERSION 2
====================

Advisory withdrawn.

DESCRIPTION
===========

XSA-283 stated:

        VT-d: Incorrect accesses into the Interrupt Remapping table

   A VT-d IOMMU has several tables in main RAM, which are configured by the
   driver when it starts.  The tables are required to be aligned on a 4k
   boundary, and the control registers in the IOMMU which point to them use
   the bottom 12 bits for additional metadata.

   Unfortunately, Xen's VT-d driver includes this metadata in its base
   pointer to the table, resulting in incorrect calculations when indexing
   into the table.

Upon closer inspection, due to the particular way the calculations are
implemented, the "metadata" components end up being eliminated without
affecting the final result.

IMPLICATIONS
============

XSA-283 does not describe any security or functional issue.

The previously declared embargo for XSA-283 is vacated.
Anyone who has information relating to XSA-283 may publish it.

NB: there are other advisories are with the same embargo date.
Those advisories stand, and their embargoes REMAIN IN FORCE.

STATUS OF THE PATCHES
=====================

The patch previously published under embargo in XSA-283 is not
necessary.  However, it is harmless; indeed it improves code clarity
and is likely to be included in future Xen releases in some form.

In the interests of transparency, the patch is attached:

$ sha256sum xsa283*
97069456b91064450b6da1e9834f0ab91270f3b93962ca66f2eb9315cf133055  xsa283.patch-withdrawn
$

There is no need to apply this patch.
If you have already applied it, there is no need to revert it.

CREDITS
=======

Thanks to Pawel Wieczorkiewicz and Uwe Dannowski, both of Amazon, for
pointing out that there was no actual security issue.
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAlxwNH8MHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZ9TkH/iGiPQgUhfvBOQamhBAbeCJ4877+lM+HSln3UiUy
hBvsA6mQCOsNKS2qUXQ8txE2w459V6DYbsmqFPRXLAaF7B+QMK6zPfICxwbCkyii
24qoITatBKvPpEhqzoM6VvkjpuUOi9+n41d/JVcyE53yAuA4R+bR9c36cz1j+j8J
Sd1Betvb5C51V6VQXjL/2zVb/v/fz5tuutIDC+jc7J1eHi7rN31TqizvuF19DQUu
YvSyUjfX2tSlzSp2oJ/uG1wZrAd0Ah+scViSZd6FUsCZyCiHsU02kG0zKfhXCsQ2
+3UkI+WylK2n664uUJAtvvYBkpnGejg224jqasrzGhjZASI=
=+3TC
-----END PGP SIGNATURE-----


Xenproject.org Security Team