OracleVM 3.1 : xen (OVMSA-2013-0009)
Medium Nessus Plugin ID 79498
SynopsisThe remote OracleVM host is missing one or more security updates.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
- oxenstored incorrect handling of certain Xenbus ring states Xen Security Advisory 38 (CVE-2013-0215) Patch xsa38.patch The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. Signed-off-by Chuck Anderson (CVE-2013-0215)
- ACPI: acpi_table_parse should return handler's error code Currently, the error code returned by acpi_table_parse's handler is ignored. This patch will propagate handler's return value to acpi_table_parse's caller. AMD,IOMMU: Clean up old entries in remapping tables when creating new interrupt mapping. When changing the affinity of an IRQ associated with a passed through PCI device, clear previous mapping. In addition, because some BIOSes may incorrectly program IVRS entries for IOAPIC try to check for entry's consistency.
Specifically, if conflicting entries are found disable IOMMU if per-device remapping table is used. If entries refer to bogus IOAPIC IDs disable IOMMU unconditionally AMD,IOMMU: Disable IOMMU if SATA Combined mode is on AMD's SP5100 chipset can be placed into SATA Combined mode that may cause prevent dom0 from booting when IOMMU is enabled and per-device interrupt remapping table is used. While SP5100 erratum 28 requires BIOSes to disable this mode, some may still use it. This patch checks whether this mode is on and, if per-device table is in use, disables IOMMU. AMD,IOMMU: Make per-device interrupt remapping table default Using global interrupt remapping table may be insecure, as described by XSA-36.
This patch makes per-device mode default. This is XSA-36 / CVE-2013-0153. (CVE-2013-0153)
SolutionUpdate the affected xen / xen-devel / xen-tools packages.