FreeBSD : xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible (d40c66cb-27e4-11e5-a4a5-002590263bf5)

medium Nessus Plugin ID 84715

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Xen Project reports:

The XEN_DOMCTL_memory_mapping hypercall allows long running operations without implementing preemption.

This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly exposed to those guests.

This can cause a physical CPU to become busy for a significant period, leading to a host denial of service in some cases.

If a host denial of service is not triggered then it may instead be possible to deny service to the domain running the device model, e.g. domain 0.

This hypercall is also exposed more generally to all toolstacks. However the uses of it in libxl based toolstacks are not believed to open up any avenue of attack from an untrusted guest. Other toolstacks may be vulnerable however.

The vulnerability is exposed via HVM guests which have a PCI device assigned to them. A malicious HVM guest in such a configuration can mount a denial of service attack affecting the whole system via its associated device model (qemu-dm).

A guest is able to trigger this hypercall via operations which it is legitimately expected to perform, therefore running the device model as a stub domain does not offer protection against the host denial of service issue. However it does offer some protection against secondary issues such as denial of service against dom0.

Solution

Update the affected packages.

See Also

http://xenbits.xen.org/xsa/advisory-125.html

http://www.nessus.org/u?5069dfa0

Plugin Details

Severity: Medium

ID: 84715

File Name: freebsd_pkg_d40c66cb27e411e5a4a5002590263bf5.nasl

Version: 2.5

Type: local

Published: 7/14/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:xen-kernel, p-cpe:/a:freebsd:freebsd:xen-tools

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/11/2015

Vulnerability Publication Date: 3/31/2015

Reference Information

CVE: CVE-2015-2752