===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0582
          Linux: error handling issues in blkback's grant mapping
                             17 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         Xen
Operating System:  Xen
                   Linux variants
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26930

Original Bulletin:
   http://xenbits.xen.org/xsa/advisory-365.html

Comment: This advisory references vulnerabilities in the Linux kernel that
         also affect distributions other than Xen. It is recommended that
         administrators running Linux check for an updated version of the
         kernel for their system.

--------------------------BEGIN INCLUDED TEXT--------------------

            Xen Security Advisory CVE-2021-26930 / XSA-365
                               version 3

        Linux: error handling issues in blkback's grant mapping

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

To service requests, the driver maps grant references provided by the
frontend.  In this process, errors may be encountered.  In one case an
error encountered earlier might be discarded by later processing,
resulting in the caller assuming successful mapping, and hence
subsequent operations trying to access space that wasn't mapped.  In
another case internal state would be insufficiently updated, preventing
safe recovery from the error.

IMPACT
======

A malicious or buggy frontend driver may be able to crash the
corresponding backend driver, potentially affecting the entire domain
running the backend driver.  In configurations without driver domains
or similar disaggregation, that is a host-wide denial of service.

Privilege escalation and information leaks cannot be ruled out.

VULNERABLE SYSTEMS
==================

Linux versions from at least 3.11 onwards are vulnerable.

MITIGATION
==========

Reconfiguring guests to use alternative (e.g. qemu-based) backends may
avoid the vulnerability.

CREDITS
=======

This issue was discovered by Olivier Benjamin, Norbert Manthey, Martin
Mazein, and Jan H. Schonherr, all from Amazon.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa365-linux.patch           Linux 5.11-rc - 5.10

$ sha256sum xsa365*
7e45fcf3c70eb40debe9997a1773de7c4a2edcde5c23f76aeb5c1b6e3a34a654  xsa365-linux.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches described above (or others which are
substantially similar) is permitted during the embargo, even on
public-facing systems with untrusted guest users and administrators.

HOWEVER, deployment of the non-kernel-based backends mitigation
described above is NOT permitted during the embargo on public-facing
systems with untrusted guest users and administrators.  This is because
such a configuration change may be recognizable by the affected guests.

AND: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
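The two error-handling cases named in the ISSUE DESCRIPTION of the advisory above, reduced to a small user-space C model. This is an added example, not the blkback source or the XSA-365 patch; `struct slot`, `map_one`, `INVALID_HANDLE`, the batch size and the sample data are all hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#define INVALID_HANDLE (-1)  /* hypothetical sentinel: slot holds no mapping */
#define BATCH 2              /* slots processed per pass (constructed) */
struct slot { int gref; int handle; };

/* Stand-in for the map operation: odd grant refs fail (constructed rule). */
static int map_one(int gref) { return (gref % 2) ? -1 : gref + 100; }

/* Flawed: ret is reset per batch, so an earlier batch's error is discarded,
 * and a failed slot keeps whatever stale handle value it already held. */
int map_all_flawed(struct slot *s, size_t n) {
    int ret = 0;
    for (size_t base = 0; base < n; base += BATCH) {
        ret = 0;                               /* earlier error lost here */
        for (size_t i = base; i < n && i < base + BATCH; i++) {
            int h = map_one(s[i].gref);
            if (h < 0) { ret = -1; continue; } /* slot state not updated */
            s[i].handle = h;
        }
    }
    return ret;
}

/* Hardened: the error is sticky and each failed slot is marked invalid. */
int map_all_fixed(struct slot *s, size_t n) {
    int ret = 0;
    for (size_t base = 0; base < n; base += BATCH)
        for (size_t i = base; i < n && i < base + BATCH; i++) {
            int h = map_one(s[i].gref);
            s[i].handle = (h < 0) ? INVALID_HANDLE : h;
            if (h < 0) ret = -1;
        }
    return ret;
}

/* Number of slots a cleanup path would try to unmap. */
size_t slots_to_unmap(const struct slot *s, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (s[i].handle != INVALID_HANDLE);
    return c;
}

/* Constructed input: gref 3 fails in batch one; 7 is a stale handle value. */
struct slot in_a[4] = {{2, -1}, {3, 7}, {4, -1}, {6, -1}};
struct slot in_b[4] = {{2, -1}, {3, 7}, {4, -1}, {6, -1}};
int main(void) {
    printf("ret: flawed=%d fixed=%d\n", map_all_flawed(in_a, 4), map_all_fixed(in_b, 4));
    printf("unmap: flawed=%zu fixed=%zu\n", slots_to_unmap(in_a, 4), slots_to_unmap(in_b, 4));
}
```

On the constructed input the flawed version reports success while slot 1 still carries a handle that was never mapped; the hardened version returns an error and leaves exactly three slots for cleanup.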