资产安全
商业安全
安全服务
返回- 发布日期2023-10-10
- 感知时间2023-10-10
- 漏洞类型安全更新
- 风险等级未知
- 更新版本未知
- 情报贡献TSRC
x86/AMD: missing IOMMU TLB flushing
<br/><br/><br/>XSA-442 - Xen Security Advisories<br/><br/><br/><br/>InformationAdvisory XSA-442Public release 2023-10-10 11:26Updated 2023-10-10 11:26Version 2CVE(s) CVE-2023-34326Title x86/AMD: missing IOMMU TLB flushingFilesadvisory-442.txt (signed advisory file)xsa442.patchxsa442-4.15.patchxsa442-4.17.patchAdvisory-----BEGIN PGP SIGNED MESSAGE-----<br/>Hash: SHA256<br/><br/> Xen Security Advisory CVE-2023-34326 / XSA-442<br/> version 2<br/><br/> x86/AMD: missing IOMMU TLB flushing<br/><br/>UPDATES IN VERSION 2<br/>====================<br/><br/>Public release.<br/><br/>ISSUE DESCRIPTION<br/>=================<br/><br/>The caching invalidation guidelines from the AMD-Vi specification (48882—Rev<br/>3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction<br/>(see stale DMA mappings) if some fields of the DTE are updated but the IOMMU<br/>TLB is not flushed.<br/><br/>Such stale DMA mappings can point to memory ranges not owned by the guest, thus<br/>allowing access to unindented memory regions.<br/><br/>IMPACT<br/>======<br/><br/>Privilege escalation, Denial of Service (DoS) affecting the entire host,<br/>and information leaks.<br/><br/>VULNERABLE SYSTEMS<br/>==================<br/><br/>All Xen versions supporting PCI passthrough are affected.<br/><br/>Only x86 AMD systems with IOMMU hardware are vulnerable.<br/><br/>Only x86 guests which have physical devices passed through to them can<br/>leverage the vulnerability.<br/><br/>MITIGATION<br/>==========<br/><br/>Not passing through physical devices to guests will avoid the vulnerability.<br/><br/>CREDITS<br/>=======<br/><br/>This issue was discovered by Roger Pau Monné of XenServer.<br/><br/>RESOLUTION<br/>==========<br/><br/>Applying the appropriate attached patch resolves this issue.<br/><br/>Note that patches for released versions are generally prepared to<br/>apply to the stable branches, and may not apply cleanly to the most<br/>recent release tarball. Downstreams are encouraged to update to the<br/>tip of the stable branch before applying these patches.<br/><br/>xsa442.patch xen-unstable<br/>xsa442-4.17.patch Xen 4.17.x - Xen 4.16.x<br/>xsa442-4.15.patch Xen 4.15.x<br/><br/>$ sha256sum xsa442*<br/>e897c24953f33e24557666975662f74bd634e354108e7df293c1f56179ee97a9 xsa442.patch<br/>e7413df9a217d674f8fa71cdcc18adc98201f4fca502a3bb632424e8afc32717 xsa442-4.15.patch<br/>0690fab47c521cae2e14e4c0cf5fcb16a7e4278ef057413ce42e0611b0739070 xsa442-4.17.patch<br/>$<br/><br/>DEPLOYMENT DURING EMBARGO<br/>=========================<br/><br/>Deployment of the patches and/or mitigations described above (or<br/>others which are substantially similar) is permitted during the<br/>embargo, even on public-facing systems with untrusted guest users and<br/>administrators.<br/><br/>But: Distribution of updated software is prohibited (except to other<br/>members of the predisclosure list).<br/><br/>Predisclosure list members who wish to deploy significantly different<br/>patches and/or mitigations, please contact the Xen Project Security<br/>Team.<br/><br/>(Note: this during-embargo deployment notice is retained in<br/>post-embargo publicly released Xen Project advisories, even though it<br/>is then no longer applicable. This is to enable the community to have<br/>oversight of the Xen Project Security Team&#39;s decisionmaking.)<br/><br/>For more information about permissible uses of embargoed information,<br/>consult the Xen Project community&#39;s agreed Security Policy:<br/> http://www.xenproject.org/security-policy.html<br/>-----BEGIN PGP SIGNATURE-----<br/><br/>iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmUlNOoMHHBncEB4ZW4u<br/>b3JnAAoJEIP+FMlX6CvZ9rkH/RHZ6djmDOQJhRPgxJnzXnkgd36RNXkZtnMzVeYD<br/>V4FP0QwvrkEjTfcPy/iDzkpbL9YPcr8DcXubmOuI+VxjFAlIyVkRIqOMaVKH509V<br/>ewlSMXhCLI+yG6s61K0PqQO4KPtzpKXlevqsSn/HF8ZCIyxXvd3UfNX08342RZZZ<br/>Aw6Wr6Q08TvDWE4CTuc1jxTcRiTHvdSd2rSAZznJbaluL/wmgoGvI2mG/NmYPe6E<br/>aItatb9C0mPfmT/meqa3JOzJ/IOfFw+TGPkXvfTu5C2b8aCfXjcGf26r33mvkQO8<br/>A4wKf6wisxs8ZVl0qDB0u+u2N8ihUfjopLH7QTiQzg4StyY=<br/>=oXbA<br/>-----END PGP SIGNATURE-----<br/>Xenproject.org Security Team<br/><br/>
Xen 是一个开放源代码虚拟机监视器,由剑桥大学开发。它打算在单个计算机上运行多达100个满特征的操作系统。操作系统必须进行显式地修改(“移植”)以在Xen上运行(但是提供对用户应用的兼容性)。这使得Xen无需特殊硬件支持,就能达到高性能的虚拟化。
<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34326">CVE-2023-34326</a></p>
暂无
暂无
http://xenbits.xen.org/xsa/advisory-442.html
微信扫码关注公众号
