Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls
From: cve-assign () mitre org
Date: Fri, 7 Feb 2014 16:11:32 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are the four CVE assignments for XSA-84 (as well as the
one CVE assignment for XSA-85 and the one CVE assignment for XSA-86).

http://xenbits.xen.org/xsa/advisory-84.html
XSA-84

The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID
suboperations of the flask hypercall are vulnerable to an integer
overflow on the input size. The hypercalls attempt to allocate a
buffer which is 1 larger than this size and is therefore vulnerable to
integer overflow and an attempt to allocate then access a zero byte
buffer.

Use CVE-2014-1891.


Xen 3.3 through 4.1 ... expose unreasonably large memory allocation
to arbitrary guests.

Use CVE-2014-1892.


Xen 3.3 through 4.1, while not affected by the above overflow, have a
different overflow issue on FLASK_{GET,SET}BOOL

Use CVE-2014-1893.


Xen 3.2 (and presumably earlier) exhibit both problems, with the
overflow issue being present for more than just the suboperations
listed above.

the part of the 3.2 problems associated with the first overflow, for
FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID, is within
the scope of CVE-2014-1891

the part of the 3.2 problems associated with unreasonably large memory
allocation is within the scope of CVE-2014-1892

the part of the 3.2 problems associated with the second overflow, for
FLASK_{GET,SET}BOOL, is within the scope of CVE-2014-1893

all other vectors (e.g., other suboperations) that can lead to integer
overflows in 3.2, even if they are related to the first overflow or
related to the second overflow, have CVE-2014-1894 assigned now


http://xenbits.xen.org/xsa/advisory-85.html
XSA-85
Off-by-one error in FLASK_AVC_CACHESTAT hypercall

Use CVE-2014-1895.


http://xenbits.xen.org/xsa/advisory-86.html
XSA-86
libvchan failure handling malicious ring indexes

Use CVE-2014-1896.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS9UueAAoJEKllVAevmvms9ssIALQ0vssHk8Uuf85hjGAYF7O5
UsetuaIyFYwy7U1xRxpwW9YEWoMELtylpOHViZUBpjMAPjmO4rXNs4J/avcfnh/J
PPD3vl9aoUfA0hFqaR0jAIPld89SbOZA6Fvs23KcU3F9KOVvaD//3RBe3ticeSNQ
N4QlRw1Cu9pQSveu3B9a6yt4OmQkuuWPSRu7KBUACohRF73JCZCN3TeUe7RqGp/L
r9uN5hbsPCqnW2W4FPmQVGaD5BmrlETYcJM1YkdUoLVCeR+Fi0iyPZtrKMTUZ4h8
XzAEovLRX7un3BbzxTifyls4Z/oQrD0cQ1QE1cGAA6kqYphK8h1VMUFGwXMpZDE=
=yP8u
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]