598a3740c6
virtualization on 32-bit exposes host crash CVE-2013-0151-xsa34.patch - bnc#797287 - VUL-0: Xen: XSA-35 (CVE-2013-0152) - Nested HVM exposes host to being driven out of memory by guest CVE-2013-0152-xsa35.patch - bnc#793717 - NetWare will not boot on Xen 4.2 xnloader.py domUloader.py pygrub-netware-xnloader.patch Removed reverse-24757-use-grant-references.patch - bnc#797523 - VUL-1: CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions CVE-2012-6075-xsa41.patch - Mask the floating point exceptions for guests like NetWare on machines that support XSAVE. x86-fpu-context-conditional.patch - fate##313584: pass bios information to XEN HVM guest 26341-hvm-firmware-passthrough.patch 26342-hvm-firmware-passthrough.patch 26343-hvm-firmware-passthrough.patch 26344-hvm-firmware-passthrough.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=223
27 lines
818 B
Diff
27 lines
818 B
Diff
References: CVE-2013-0152 XSA-35 bnc#797287
|
|
|
|
xen: Do not allow guests to enable nested HVM on themselves
|
|
|
|
There is no reason for this and doing so exposes a memory leak to
|
|
guests. Only toolstacks need write access to this HVM param.
|
|
|
|
This is XSA-35 / CVE-2013-0152.
|
|
|
|
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
|
Acked-by: Jan Beulich <JBeulich@suse.com>
|
|
|
|
--- a/xen/arch/x86/hvm/hvm.c
|
|
+++ b/xen/arch/x86/hvm/hvm.c
|
|
@@ -3930,6 +3930,11 @@ long do_hvm_op(unsigned long op, XEN_GUE
|
|
rc = -EINVAL;
|
|
break;
|
|
case HVM_PARAM_NESTEDHVM:
|
|
+ if ( !IS_PRIV(current->domain) )
|
|
+ {
|
|
+ rc = -EPERM;
|
|
+ break;
|
|
+ }
|
|
#ifdef __i386__
|
|
if ( a.value )
|
|
rc = -EINVAL;
|