| the new status tracking table can be accessed through.
|
| For 32-bit guests on x86, translation of requests has to occur because
| the interface structure layouts commonly differ between 32- and 64-bit.
|
| The translation of the request to obtain the frame numbers of the
| grant status table involves translating the resulting array of frame
| numbers. Since the space used to carry out the translation is limited,
| the translation layer tells the core function the capacity of the array
| within translation space. Unfortunately the core function then only
| enforces array bounds to be below 8 times the specified value, and would
| write past the available space if enough frame numbers needed storing.
|
| Malicious or buggy guest kernels may be able to mount a Denial of
| Service (DoS) attack affecting the entire system. Privilege escalation
| and information leaks cannot be ruled out.
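
The bounds mismatch described in the XSA-382 excerpt above, shown as an added C model (not Xen source and not part of the original bulletin). `XLAT_SLOTS`, `store_flawed`, `store_checked` and `overrun` are hypothetical names, and the 4-slot capacity and frame values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the XSA-382 description; not Xen source. */
#define XLAT_SLOTS 4                  /* frame numbers that fit in translation space */
#define AREA_WORDS (XLAT_SLOTS * 8)   /* the slots plus a stand-in for adjacent memory */
#define GUARD 0xA5A5A5A5A5A5A5A5ULL

/* Flawed bound: accepts any count below 8 times the stated capacity. */
static int store_flawed(uint64_t *area, size_t cap, size_t nr)
{
    if (nr >= cap * 8)
        return -1;
    for (size_t i = 0; i < nr; i++)
        area[i] = 0x1000 + i;         /* constructed frame numbers */
    return (int)nr;
}

/* Corrected bound: the count is compared against the capacity itself. */
static int store_checked(uint64_t *area, size_t cap, size_t nr)
{
    if (nr > cap)
        return -1;
    for (size_t i = 0; i < nr; i++)
        area[i] = 0x1000 + i;
    return (int)nr;
}

/* Run one store routine and count words overwritten beyond the slots. */
static size_t overrun(int (*store)(uint64_t *, size_t, size_t), size_t nr)
{
    uint64_t area[AREA_WORDS];
    size_t hit = 0;
    for (size_t i = 0; i < AREA_WORDS; i++)
        area[i] = GUARD;
    store(area, XLAT_SLOTS, nr);
    for (size_t i = XLAT_SLOTS; i < AREA_WORDS; i++)
        hit += (area[i] != GUARD);
    return hit;
}

int main(void)
{
    printf("flawed,  10 frames: %zu words overwritten\n", overrun(store_flawed, 10));
    printf("checked, 10 frames: %zu words overwritten\n", overrun(store_checked, 10));
    return 0;
}
```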


Impact
=======

XSA-378:

As the Xen Security Team explains, "The precise impact is system
specific, but can - on affected systems - be any or all of privilege
escalation, denial of service, or information leaks." Only a guest
with a PCI device can leverage this vulnerability, such as sys-net
or sys-usb in a default Qubes OS configuration.

XSA-379:

As the Xen Security Team explains, "A malicious guest may be able to
elevate its privileges to that of the host, cause host or guest Denial
of Service (DoS), or cause information leaks."

XSA-382:

Similar to XSA-379. XSA-382 affects only Xen version 4.10 or newer,
thus only Qubes OS R4.1 is affected.


Discussion
===========

This is yet another set of problems related to grant tables v2. Since
none of the software included in Qubes OS uses this feature (both Linux
and Windows use grant tables v1), we have decided to disable grant
tables v2 in Xen globally in addition to applying the specific patches
described above.


Credits
========

See the original Security Advisories.


References
===========

[1] https://www.qubes-os.org/doc/testing/
[2] https://www.qubes-os.org/doc/updating-qubes-os/
[3] https://xenbits.xen.org/xsa/advisory-378.html
[4] https://xenbits.xen.org/xsa/advisory-379.html
[5] https://xenbits.xen.org/xsa/advisory-382.html

--
The Qubes Security Team
https://www.qubes-os.org/security/