CVE-2016-2270 / XSA-154

Bug #1564909 reported by Philipp Hahn
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xen (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

<http://xenbits.xen.org/xsa/advisory-154.html> seems to be unfixed in xen-4.1.6.1
x86: inconsistent cachability flags on guest mappings

Tags: patch
Revision history for this message
Philipp Hahn (pmhahn) wrote :
Revision history for this message
Philipp Hahn (pmhahn) wrote :

backport be640b1

Revision history for this message
Philipp Hahn (pmhahn) wrote :

backport 541ce47

Revision history for this message
Philipp Hahn (pmhahn) wrote :

backport 7f107ea

Revision history for this message
Philipp Hahn (pmhahn) wrote :

backport 70622118ee7bb925205c5d8c1e7bec82fc257351

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This was fixed by the following update:

xen (4.1.6.1-0ubuntu0.12.04.10) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-2270 / XSA-154
      * x86: make get_page_from_l1e() return a proper error code
      * x86: make mod_l1_entry() return a proper error code
      * x86/mm: fix mod_l1_entry() return value when encountering r/o MMIO
        page
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader <email address hidden> Thu, 25 Feb 2016 09:25:57 +0100

information type: Private Security → Public Security
Changed in xen (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.