First published: Wed Feb 25 2015
ISSUE DESCRIPTION
=================

Guests are currently permitted to modify all of the (writable) bits in the PCI command register of devices passed through to them. This in particular allows them to disable memory and I/O decoding on the device unless the device is an SR-IOV virtual function, in which case subsequent accesses to the respective MMIO or I/O port ranges would - on PCI Express devices - lead to Unsupported Request responses. The treatment of such errors is platform specific.

IMPACT
======

In the event that the platform surfaces aforementioned UR responses as Non-Maskable Interrupts, and either the OS is configured to treat NMIs as fatal or (e.g. via ACPI's APEI) the platform tells the OS to treat these errors as fatal, the host would crash, leading to a Denial of Service.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI pass-through.

Upstream Linux versions 3.1 and onwards are vulnerable due to supporting PCI backend functionality. Other Linux versions as well as other OS versions may be vulnerable too.

Any domain which is given access to a non-SR-IOV virtual function PCI Express device can take advantage of this vulnerability.

MITIGATION
==========

This issue can be avoided by not assigning PCI Express devices other than SR-IOV virtual functions to untrusted guests.

RESOLUTION
==========

Applying the attached patch resolves this issue for upstream Linux.

xsa120.patch        Linux 3.19

$ sha256sum xsa120*.patch
5167215293d4a8a05f090fca5b20eb5878213a0158a0e7a12c245553db81a855  xsa120.patch
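The check implied by the MITIGATION section, as an added example that is not part of the advisory or the patch: given the devices an administrator plans to pass through, flag those that are PCI Express and not SR-IOV virtual functions. It assumes a Linux host exposing `/sys/bus/pci/devices`; the function names and the sample config space are constructed for illustration.

```python
import os

PCI_STATUS = 0x06        # low byte of the 16-bit status register
STATUS_CAP_LIST = 0x10   # status bit 4: capability list present
PCI_CAP_PTR = 0x34       # pointer to the first capability
CAP_ID_PCIE = 0x10       # PCI Express capability ID

def is_pcie(cfg: bytes) -> bool:
    """Walk the capability list looking for the PCI Express capability."""
    if len(cfg) < 64 or not (cfg[PCI_STATUS] & STATUS_CAP_LIST):
        return False
    ptr, seen = cfg[PCI_CAP_PTR] & 0xFC, set()
    while ptr >= 0x40 and ptr + 1 < len(cfg) and ptr not in seen:
        seen.add(ptr)                      # guard against a looping list
        if cfg[ptr] == CAP_ID_PCIE:
            return True
        ptr = cfg[ptr + 1] & 0xFC          # next-capability pointer
    return False

def at_risk(cfg: bytes, is_vf: bool) -> bool:
    """True for a PCI Express device that is not an SR-IOV virtual function."""
    return is_pcie(cfg) and not is_vf

def audit_sysfs(bdfs, root="/sys/bus/pci/devices"):
    """Return the BDFs in `bdfs` that the mitigation says not to assign."""
    flagged = []
    for bdf in bdfs:
        dev = os.path.join(root, bdf)
        with open(os.path.join(dev, "config"), "rb") as f:
            cfg = f.read(256)
        # Linux creates a 'physfn' link only for SR-IOV virtual functions.
        if at_risk(cfg, os.path.exists(os.path.join(dev, "physfn"))):
            flagged.append(bdf)
    return flagged

def sample_cfg(pcie: bool) -> bytes:
    """Constructed config space: PM capability at 0x40, optional PCIe at 0x50."""
    cfg = bytearray(256)
    cfg[PCI_STATUS] = STATUS_CAP_LIST
    cfg[PCI_CAP_PTR] = 0x40
    cfg[0x40], cfg[0x41] = 0x01, (0x50 if pcie else 0x00)
    if pcie:
        cfg[0x50] = CAP_ID_PCIE
    return bytes(cfg)

if __name__ == "__main__":
    print(at_risk(sample_cfg(True), is_vf=False))
```

Run it as root: unprivileged reads of `config` return only the first 64 bytes, so the capability list cannot be walked and a PCI Express device would go unflagged.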
Affected Software | Affected Version | How to fix |
---|---|---|
Xen xen-unstable | >=3.3 | |
Linux Linux | >=3.1 | |
Linux Linux | >=3.19 | |
The severity of REDHAT-BUG-1196266 is considered high due to potential security implications regarding guest modifications of PCI command registers.
To fix REDHAT-BUG-1196266, apply the latest updates or patches provided by the respective vendors for your operating system.
REDHAT-BUG-1196266 primarily affects systems running Xen versions from 3.3 and Linux versions starting from 3.1 and 3.19.
Yes, REDHAT-BUG-1196266 can lead to data breaches as it allows guests to disable crucial memory and I/O decoding, posing a risk to system integrity.
As of now, there is no public information confirming that REDHAT-BUG-1196266 is being actively exploited, but its high severity means it should be addressed promptly.