From 3de67830f6ad6477d1d87409507877c430666a92 Mon Sep 17 00:00:00 2001 From: Yonghua Huang Date: Fri, 27 Mar 2020 10:40:40 +0800 Subject: [PATCH] doc: update security advisory for v1.6 release Update mitigations for security vulnerabilities for ACRN v1.6 release. Signed-off-by: Yonghua Huang --- doc/asa.rst | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/doc/asa.rst b/doc/asa.rst index a1c1ce56a..85dda44e6 100644 --- a/doc/asa.rst +++ b/doc/asa.rst 
@@ -3,9 +3,33 @@ Security Advisory ***************** -We recommend that all developers upgrade to this v1.4 release, which addresses the following security +We recommend that all developers upgrade to this v1.6 release, which addresses the following security issues that were discovered in previous releases: +Hypervisor Crashed When Fuzzing HC_DESTROY_VM + The input 'vdev->pdev' shall be validated properly when handling HC_SET_PTDEV_INTR_INFO, + to insure physical device is linked to 'vdev', otherwise hypervisor will crash when fuzzing + hypercall HC_DESTROY_VM with crafted input. + + | **Affected Release:** v1.5 and earlier. + | Upgrade to ACRN release v1.6. + +Hypervisor Crashed When Fuzzing HC_VM_WRITE_PROTECT_PAGE + The input GPA is not validated when handling this hypercall, Invalid GPA that is not + in the scope of the target VM's EPT address space results in hypervisor crash when + handing this hypercall. + + | **Affected Release:** v1.4 and earlier. + | Upgrade to ACRN release v1.6. + +Hypervisor Crashed When Fuzzing HC_NOTIFY_REQUEST_FINISH + The input is not validated properly when handing this hypercall, 'vcpu_id' shall be + less than 'vm->hw.created_vcpus' instead of 'MAX_VCPUS_PER_VM'. When the software + fails to validate input properly, hypervisor will crash when handling crafted inputs. + + | **Affected Release:** v1.4 and earlier. + | Upgrade to ACRN release v1.6. + Mitigation for Machine Check Error on Page Size Change Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Malicious guest kernel could trigger this issue, CVE-2018-12207.
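Review bot: The added HC_VM_WRITE_PROTECT_PAGE and HC_NOTIFY_REQUEST_FINISH entries describe the flaw in the present tense ("The input GPA is not validated", "The input is not validated properly"), which reads as if v1.6 still lacks the checks even though each entry ends with "Upgrade to ACRN release v1.6". Suggest wording them as the behaviour of the affected releases (for example "was not validated in affected releases") and stating that v1.6 adds the validation, so a reader can tell the defect from the fix. In the same added lines, "to insure physical device" should be "to ensure the physical device", "handing this hypercall" appears twice where "handling" is meant, and "this hypercall, Invalid GPA" is a comma splice with a stray capital. The HC_DESTROY_VM entry lists "v1.5 and earlier" while the other two list "v1.4 and earlier"; please confirm that difference is intended.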