FreeBSD : xen-tools -- Unmediated PCI command register access in qemu (79f401cd-27e6-11e5-a4a5-002590263bf5)

medium Nessus Plugin ID 84705

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Xen Project reports:

HVM guests are currently permitted to modify the memory and I/O decode bits in the PCI command register of devices passed through to them. Unless the device is an SR-IOV virtual function, after disabling one or both of these bits subsequent accesses to the MMIO or I/O port ranges would - on PCI Express devices - lead to Unsupported Request responses. The treatment of such errors is platform specific.

Furthermore (at least) devices under control of the Linux pciback driver in the host are handed to guests with the aforementioned bits turned off. This means that such accesses can similarly lead to Unsupported Request responses until these flags are set as needed by the guest.

In the event that the platform surfaces aforementioned UR responses as Non-Maskable Interrupts, and either the OS is configured to treat NMIs as fatal or (e.g. via ACPI's APEI) the platform tells the OS to treat these errors as fatal, the host would crash, leading to a Denial of Service.

Solution

Update the affected package.

See Also

http://xenbits.xen.org/xsa/advisory-126.html

http://www.nessus.org/u?d81380f2

Plugin Details

Severity: Medium

ID: 84705

File Name: freebsd_pkg_79f401cd27e611e5a4a5002590263bf5.nasl

Version: 2.4

Type: local

Published: 7/14/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xen-tools, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/11/2015

Vulnerability Publication Date: 3/31/2015

Reference Information

CVE: CVE-2015-2756