Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0800
Linux: netback fails to honor grant mapping errors
5 March 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Xen
Publisher: Xen
Operating System: Linux variants
Xen
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
Original Bulletin:
http://xenbits.xen.org/xsa/advisory-367.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Xen Security Advisory XSA-367
Linux: netback fails to honor grant mapping errors
ISSUE DESCRIPTION
=================
XSA-362 tried to address issues here, but in the case of the netback
driver the changes were insufficient: It left the relevant function
invocation with, effectively, no error handling at all. As a result,
memory allocation failures there could still lead to frontend-induced
crashes of the backend.
IMPACT
======
A malicious or buggy networking frontend driver may be able to crash
the corresponding backend driver, potentially affecting the entire
domain running the backend driver. In a typical (non-disaggregated)
system that is a host-wide denial of service (DoS).
VULNERABLE SYSTEMS
==================
Linux versions from at least 2.6.39 onwards are vulnerable, when run in
PV mode. Earlier versions differ significantly in behavior and may
therefore instead surface other issues under the same conditions. Linux
run in HVM / PVH modes is not vulnerable.
MITIGATION
==========
For Linux, running the backends in HVM or PVH domains will avoid the
vulnerability. For example, by running the dom0 in PVH mode.
In all other cases there is no known mitigation.
RESOLUTION
==========
Applying the attached patch resolves this issue.
xsa367-linux.patch Linux 5.12-rc
$ sha256sum xsa367*
b0244bfddee91cd7986172893e70664b74e698c5d44f25865870f179f80f9a92 xsa367-linux.patch
$
CREDITS
=======
This issue was reported by Intel's kernel test robot and recognized as a
security issue by Jan Beulich of SUSE.
NOTE REGARDING LACK OF EMBARGO
==============================
This issue was reported publicly, before the XSA could be issued.
- -----BEGIN PGP SIGNATURE-----
iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmBAuOYMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZUCAH/1zw5d2l1R3k+nvJ659plwOYDe8Cmh4GeJ02PoUv
fC/5efe7l/tXEmfg4rg5WiY8JZqQGeGmhwiOs8bI/8c5IXucaPOM1wDUaHUMkWTA
tl/P/tbDamzd1/dSK4DdILTApibU+M/nmUn0sBBYpu53VUbeyXq2EAtjmliKgCG9
Oo4PW4ys5ro+hwrPtYdLD1ktIN64+C+TqkKUdJset7po5sWX4nV1Cwp/4oKaNyeF
Alh495TUCnhgc8gnXUgXhmxWKp3Iag/tHjmtu34mT5HHZdBrNBShFKhHSP5bJHE2
CxYD1b/KbkRiLPOgZXNec+ikDQT4bTCeVLpnWvOXQ1FTXR4=
=hY2s
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYEF9suNLKJtyKPYoAQhSlw/+LA1eECqYluf7nweN6wKQrBUVAQCH66uK
nqfO36RN0NYm4y1YFbAEKNJ7bOkTWCHzVUonHfoITtjei9TxZ8YNfrl7NXzlD25v
38qArCrzIxEtu109Oe0vRgfIN0EZubgT3gmDNDVL3SZNVUL4HV16eiOcLb0s0CGg
pssVKb/xIHj+q8sKGuQgHNA5DbsmUe+1R47F5uVboTCb1OkEAM/YGOodJTH/unK/
TyCah7poMNitA6Exteo416TO000NZYLXiJzJmrjkrK0RjFxaq1sDGwQT1917/ZFZ
PAo9wJUUtKyaAOPm/U+rfgtSIA9DHDk6mAPmm0RE5dbl6KL43/iK7MEzoNUQr+ms
wKSL8Kt7ZIcC5913RSwcp+yUjew9B9YMYP6mWrZdHI90PXCeWdyCSxzBK6go3WFo
mSH8ldnWW5VrtQ4sPqX958K5xoUvmqpRmUukg5S6mZJh9c866yu95ljTJX3bYprM
GAXbxgXnl6SNEg3xX3mWj/tWnmvq5sD3WShD/vA3rHjsORCgCRTO+OMjiDekTJpL
UKmPUiREOn2ddow0ML619jsywgs2mUauaOK6xTV67m9AQbqaTVE2tsT1KVc4nHCw
y46jQu7kr4oipl2s8fwlEwd/WyTP0Dmt5JkdqSF7QRI3idAf0P+6Ln+LXugaL/da
KKBPsUeTUXM=
=De0U
-----END PGP SIGNATURE-----