CVE-2013-2212 / XSA-60: Excessive time to disable caching with HVM guests with PCI passthrough

Bug #1564822 reported by Philipp Hahn on 2016-04-01
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| xen (Ubuntu) | | Undecided | Unassigned | |
| Precise | | Medium | Unassigned | |

Bug Description

<http://xenbits.xen.org/xsa/advisory-60.html> doesn't seem to be fixed in xen-4.1.6.1
The fixes were committed post RELEASE-4.1.6.1:

$ git log --oneline --grep XSA-60 origin/staging-4.1
684b40e VMX: fix cr0.cd handling
8829f8e VMX: remove the problematic set_uc_mode logic
649e7ae VMX: disable EPT when !cpu_has_vmx_pat

$ git describe 649e7ae 8829f8e 684b40e
RELEASE-4.1.6.1-11-g649e7ae
RELEASE-4.1.6.1-12-g8829f8e
RELEASE-4.1.6.1-13-g684b40e

This is <https://launchpad.net/bugs/cve/CVE-2013-2212>

Philipp Hahn (pmhahn) on 2016-04-01
summary: - Incomplete CVE-2013-2212 / XSA-60: Excessive time to disable caching
- with HVM guests with PCI passthrough ?
+ CVE-2013-2212 / XSA-60: Excessive time to disable caching with HVM
+ guests with PCI passthrough
Changed in xen (Ubuntu):
status: New → Confirmed
information type: Private Security → Public Security
Stefan Bader (smb) on 2016-06-07
Changed in xen (Ubuntu Precise):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Stefan Bader (smb)
Changed in xen (Ubuntu):
status: Confirmed → Fix Released
Stefan Bader (smb) on 2016-06-07
Changed in xen (Ubuntu Precise):
status: In Progress → Fix Committed
Stefan Bader (smb) wrote :

Released in xen-4.1.6.1-0ubuntu0.12.04.11

Changed in xen (Ubuntu Precise):
assignee: Stefan Bader (smb) → nobody
status: Fix Committed → Fix Released