xen/CVE-2013-0151-xsa34.patch
Charles Arnold 598a3740c6 - bnc#797285 - VUL-0: Xen: XSA-34 (CVE-2013-0151) - nested
virtualization on 32-bit exposes host crash
  CVE-2013-0151-xsa34.patch
- bnc#797287 - VUL-0: Xen: XSA-35 (CVE-2013-0152) - Nested HVM
  exposes host to being driven out of memory by guest
  CVE-2013-0152-xsa35.patch

- bnc#793717 - NetWare will not boot on Xen 4.2 
  xnloader.py
  domUloader.py
  pygrub-netware-xnloader.patch
  Removed reverse-24757-use-grant-references.patch

- bnc#797523 - VUL-1: CVE-2012-6075: qemu / kvm-qemu: e1000
  overflows under some conditions
  CVE-2012-6075-xsa41.patch

- Mask the floating point exceptions for guests like NetWare on
  machines that support XSAVE.
  x86-fpu-context-conditional.patch 

- fate##313584: pass bios information to XEN HVM guest 
  26341-hvm-firmware-passthrough.patch
  26342-hvm-firmware-passthrough.patch
  26343-hvm-firmware-passthrough.patch
  26344-hvm-firmware-passthrough.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=223
2013-01-22 15:40:06 +00:00

33 lines
1.0 KiB
Diff

References: CVE-2013-0151 XSA-34 bnc#797285
x86_32: don't allow use of nested HVM
There are (indirect) uses of map_domain_page() in the nested HVM code
that are unsafe when not just using the 1:1 mapping.
This is XSA-34 / CVE-2013-0151.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3930,6 +3930,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
rc = -EINVAL;
break;
case HVM_PARAM_NESTEDHVM:
+#ifdef __i386__
+ if ( a.value )
+ rc = -EINVAL;
+#else
if ( a.value > 1 )
rc = -EINVAL;
if ( !is_hvm_domain(d) )
@@ -3944,6 +3948,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
for_each_vcpu(d, v)
if ( rc == 0 )
rc = nestedhvm_vcpu_initialise(v);
+#endif
break;
case HVM_PARAM_BUFIOREQ_EVTCHN:
rc = -EINVAL;