The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability alert CVE-2016-7094

Xen: denial of service via HVM sh_ctxt->seg_reg

Synthesis of the vulnerability

An attacker, who is privileged in a guest system, can generate a fatal error via HVM sh_ctxt->seg_reg of Xen, in order to trigger a denial of service on the host system.
Severity of this announce: 1/4.
Creation date: 08/09/2016.
Références of this computer vulnerability: CERTFR-2016-AVI-301, CERTFR-2016-AVI-303, CTX216071, CVE-2016-7094, DLA-614-1, DSA-3663-1, FEDORA-2016-1c3374bcb9, FEDORA-2016-7d2c67d1f5, openSUSE-SU-2016:2494-1, openSUSE-SU-2016:2497-1, SUSE-SU-2016:2473-1, SUSE-SU-2016:2507-1, SUSE-SU-2016:2528-1, SUSE-SU-2016:2533-1, SUSE-SU-2016:2725-1, VIGILANCE-VUL-20551, XSA-187.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker, who is privileged in a guest system, can generate a fatal error via HVM sh_ctxt->seg_reg of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

This computer weakness alert impacts software or systems such as XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.

Our Vigil@nce team determined that the severity of this weakness note is low.

The trust level is of type confirmed by the editor, with an origin of privileged shell.

An attacker with a expert ability can exploit this weakness bulletin.

Solutions for this threat

Xen: version 4.7.1.
The version 4.7.1 is fixed:
  https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.7

Xen: version 4.6.4.
The version 4.6.4 is fixed:
  https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.6

Xen: patch for HVM sh_ctxt->seg_reg.
A patch is available:
  http://xenbits.xen.org/xsa/xsa187-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
  http://xenbits.xen.org/xsa/xsa187-0002-x86-segment-Bounds-check-accesses-to-emulation-ctxt-.patch
  http://xenbits.xen.org/xsa/xsa187-4.4-0002-x86-segment-Bounds-check-accesses-to-emulation-ctx.patch
  http://xenbits.xen.org/xsa/xsa187-4.6-0002-x86-segment-Bounds-check-accesses-to-emulation-ctx.patch
  http://xenbits.xen.org/xsa/xsa187-4.7-0001-x86-shadow-Avoid-overflowing-sh_ctxt-seg.patch
  http://xenbits.xen.org/xsa/xsa187-4.7-0002-x86-segment-Bounds-check-accesses-to-emulation-ctx.patch

Citrix XenServer: patch.
A patch is indicated in information sources.

Debian 7: new xen packages.
New packages are available:
  Debian 7: xen 4.1.6.lts1-2

Debian 8: new xen packages.
New packages are available:
  Debian 8: xen 4.4.1-9+deb8u7

Fedora: new xen packages.
New packages are available:
  Fedora 23: xen 4.5.3-10.fc23
  Fedora 24: xen 4.6.3-5.fc24

openSUSE 13.2: new xen packages.
New packages are available:
  openSUSE 13.2: xen 4.4.4_05-49.1

openSUSE Leap 42.1: new xen packages (12/10/2016).
New packages are available:
  openSUSE Leap 42.1: xen 4.5.3_10-15.2

SUSE LE 11 SP2: new xen packages.
New packages are available:
  SUSE LE 11 SP2: xen 4.1.6_08-29.1

SUSE LE 11 SP3: new xen packages.
New packages are available:
  SUSE LE 11 SP3: xen 4.2.5_21-27.1

SUSE LE 11 SP4: new xen packages (12/10/2016).
New packages are available:
  SUSE LE 11 SP4: xen 4.4.4_08_3.0.101_80-40.2

SUSE LE 12: new xen packages.
New packages are available:
  SUSE LE 12 RTM: xen 4.4.4_04-22.22.2

SUSE LE 12 SP1: new xen packages (07/10/2016).
New packages are available:
  SUSE LE 12 SP1: xen 4.5.3_10-20.1
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computer security announce. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.