Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0800 Linux: netback fails to honor grant mapping errors 5 March 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Xen Publisher: Xen Operating System: Linux variants Xen Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade Original Bulletin: http://xenbits.xen.org/xsa/advisory-367.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-367 Linux: netback fails to honor grant mapping errors ISSUE DESCRIPTION ================= XSA-362 tried to address issues here, but in the case of the netback driver the changes were insufficient: It left the relevant function invocation with, effectively, no error handling at all. As a result, memory allocation failures there could still lead to frontend-induced crashes of the backend. IMPACT ====== A malicious or buggy networking frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In a typical (non-disaggregated) system that is a host-wide denial of service (DoS). VULNERABLE SYSTEMS ================== Linux versions from at least 2.6.39 onwards are vulnerable, when run in PV mode. Earlier versions differ significantly in behavior and may therefore instead surface other issues under the same conditions. Linux run in HVM / PVH modes is not vulnerable. MITIGATION ========== For Linux, running the backends in HVM or PVH domains will avoid the vulnerability. For example, by running the dom0 in PVH mode. In all other cases there is no known mitigation. RESOLUTION ========== Applying the attached patch resolves this issue. xsa367-linux.patch Linux 5.12-rc $ sha256sum xsa367* b0244bfddee91cd7986172893e70664b74e698c5d44f25865870f179f80f9a92 xsa367-linux.patch $ CREDITS ======= This issue was reported by Intel's kernel test robot and recognized as a security issue by Jan Beulich of SUSE. NOTE REGARDING LACK OF EMBARGO ============================== This issue was reported publicly, before the XSA could be issued. - -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmBAuOYMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZUCAH/1zw5d2l1R3k+nvJ659plwOYDe8Cmh4GeJ02PoUv fC/5efe7l/tXEmfg4rg5WiY8JZqQGeGmhwiOs8bI/8c5IXucaPOM1wDUaHUMkWTA tl/P/tbDamzd1/dSK4DdILTApibU+M/nmUn0sBBYpu53VUbeyXq2EAtjmliKgCG9 Oo4PW4ys5ro+hwrPtYdLD1ktIN64+C+TqkKUdJset7po5sWX4nV1Cwp/4oKaNyeF Alh495TUCnhgc8gnXUgXhmxWKp3Iag/tHjmtu34mT5HHZdBrNBShFKhHSP5bJHE2 CxYD1b/KbkRiLPOgZXNec+ikDQT4bTCeVLpnWvOXQ1FTXR4= =hY2s - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYEF9suNLKJtyKPYoAQhSlw/+LA1eECqYluf7nweN6wKQrBUVAQCH66uK nqfO36RN0NYm4y1YFbAEKNJ7bOkTWCHzVUonHfoITtjei9TxZ8YNfrl7NXzlD25v 38qArCrzIxEtu109Oe0vRgfIN0EZubgT3gmDNDVL3SZNVUL4HV16eiOcLb0s0CGg pssVKb/xIHj+q8sKGuQgHNA5DbsmUe+1R47F5uVboTCb1OkEAM/YGOodJTH/unK/ TyCah7poMNitA6Exteo416TO000NZYLXiJzJmrjkrK0RjFxaq1sDGwQT1917/ZFZ PAo9wJUUtKyaAOPm/U+rfgtSIA9DHDk6mAPmm0RE5dbl6KL43/iK7MEzoNUQr+ms wKSL8Kt7ZIcC5913RSwcp+yUjew9B9YMYP6mWrZdHI90PXCeWdyCSxzBK6go3WFo mSH8ldnWW5VrtQ4sPqX958K5xoUvmqpRmUukg5S6mZJh9c866yu95ljTJX3bYprM GAXbxgXnl6SNEg3xX3mWj/tWnmvq5sD3WShD/vA3rHjsORCgCRTO+OMjiDekTJpL UKmPUiREOn2ddow0ML619jsywgs2mUauaOK6xTV67m9AQbqaTVE2tsT1KVc4nHCw y46jQu7kr4oipl2s8fwlEwd/WyTP0Dmt5JkdqSF7QRI3idAf0P+6Ln+LXugaL/da KKBPsUeTUXM= =De0U -----END PGP SIGNATURE-----