On 01/26/2015 10:51 PM, Moritz Mühlenhoff wrote: >> Moritz, >> > >> > For unstable, I've pushed the upload and asked for an exception. > I've added the VMSVGA fixes to the security tracker, but there are also > two issues in "Core", which apply to wheezy/jessie: > > Could you please check back with upstream on CVE-2015-0377 and CVE-2015-0418? > > http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Frank from Oracle had mentioned that those 2 CVEs do not affect 4.3.x. (Please see attached email). For Wheezy, those CVE patches are included. To quote Frank and Gianfranco's conversation: >> CVE-2015-0418: VBox 4.3.x is not affected (only 4.2.x and older) >> CVE-2015-0377: VBox 4.3.x is not affected (only 4.2.x and older) > do you have any patch for <= 4.2.x then? Attached. -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System
--- Begin Message ---Hi Gianfranco, On Wednesday 21 January 2015 14:28:53 Gianfranco Costamagna wrote: > >the most CVEs from that CPU are related to the experimental VMSVGA > >implementation. This code is not documented and not announced and > >regular users will not use it. Therefore I suggest you to just disable > >that code by setting > > > > VBOX_WITH_VMSVGA= > > VBOX_WITH_VMSVGA3D= > > > >This will automatically omit CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, > >CVE-2014-6588 and CVE-2015-0427. The actual patch to fix this code is a bit > >lengthy, therefore disabling this code is IMO the best solution. > > I presume starting from version 4.0 everything needs to be patched by > disabling it? that code does only exist in VBox 4.3.x, older branches are not affected. > >CVE-2015-0418: VBox 4.3.x is not affected (only 4.2.x and older) > >CVE-2015-0377: VBox 4.3.x is not affected (only 4.2.x and older) > > do you have any patch for <= 4.2.x then? Attached. > 4.0.10 4.1.12 4.1.18 4.3.10 4.3.14 4.3.18 These patches are against the latest code in the respective branches but I hope they apply to these old versions. Sorry but it's not possible to support such old versions, we only support the latest versions of a specific branch. > 4.3.20 (not affected at all I presume) Correct, already contains fixes for all these problems. Frank -- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Geschäftsführer: Jürgen Kunz Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 
30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp
===================================================================
--- src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95342)
+++ src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95343)
@@ -1290,7 +1290,13 @@
 if (rc2 == VERR_SEM_BUSY)
 return (uErrorCode & X86_TRAP_PF_RW) ? VINF_IOM_HC_MMIO_WRITE : VINF_IOM_HC_MMIO_READ;
 #endif
- VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, uErrorCode, pCtxCore, GCPhysFault, iomMMIOGetRange(&pVM->iom.s, GCPhysFault));
+ PIOMMMIORANGE pRange = iomMMIOGetRange(&pVM->iom.s, GCPhysFault);
+ if (RT_UNLIKELY(!pRange))
+ {
+ iomUnlock(pVM);
+ return VERR_IOM_MMIO_RANGE_NOT_FOUND;
+ }
+ VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, uErrorCode, pCtxCore, GCPhysFault, pRange);
 iomUnlock(pVM);
 return VBOXSTRICTRC_VAL(rcStrict);
 }
Index: include/VBox/hwacc_vmx.h
===================================================================
--- include/VBox/hwacc_vmx.h (revision 96156)
+++ include/VBox/hwacc_vmx.h (revision 96157)
@@ -519,6 +519,12 @@
 #define VMX_EXIT_WBINVD 54
 /** 55 XSETBV. Guest software attempted to execute XSETBV. */
 #define VMX_EXIT_XSETBV 55
+/** 57 RDRAND. Guest software attempted to execute RDRAND. */
+#define VMX_EXIT_RDRAND 57
+/** 58 INVPCID. Guest software attempted to execute INVPCID. */
+#define VMX_EXIT_INVPCID 58
+/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */
+#define VMX_EXIT_VMFUNC 59
 /** @} */
Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp
===================================================================
--- src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96156)
+++ src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96157)
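Review bot: The new `if (RT_UNLIKELY(!pRange))` early return in the IOMAllMMIO.cpp hunk has no comment or log statement saying when the range lookup can come back empty, so a reader cannot tell whether this is a guest-reachable condition or an internal inconsistency. Before the change the result of iomMMIOGetRange() was passed to iomMMIOHandler() unchecked; I would record that at the check, e.g. `/* No MMIO range registered at GCPhysFault: fail the access instead of handing NULL to iomMMIOHandler(). */`. The callers are not visible here, so please also confirm that each of them treats VERR_IOM_MMIO_RANGE_NOT_FOUND as a failure confined to the VM rather than retrying the access. The same applies to the IOMAllMMIO.cpp hunks at -1305, -1696 and -1705 in the other branch patches; the function begins outside the hunk.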
@@ -4036,6 +4036,10 @@
 case VMX_EXIT_VMWRITE: /* 25 Guest software executed VMWRITE. */
 case VMX_EXIT_VMXOFF: /* 26 Guest software executed VMXOFF. */
 case VMX_EXIT_VMXON: /* 27 Guest software executed VMXON. */
+ case VMX_EXIT_INVEPT: /* 50 Guest software executed INVEPT. */
+ case VMX_EXIT_INVVPID: /* 53 Guest software executed INVVPID. */
+ case VMX_EXIT_INVPCID: /* 58 Guest software executed INVPCID. */
+ case VMX_EXIT_VMFUNC: /* 59 Guest software executed VMFUNC. */
 /** @todo inject #UD immediately */
 rc = VERR_EM_INTERPRETER;
 break;
Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp
===================================================================
--- src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95342)
+++ src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95343)
@@ -1305,7 +1305,13 @@
 if (rc2 == VERR_SEM_BUSY)
 return VINF_IOM_HC_MMIO_READ_WRITE;
 #endif
- VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMMIOGetRange(&pVM->iom.s, GCPhysFault));
+ PIOMMMIORANGE pRange = iomMMIOGetRange(&pVM->iom.s, GCPhysFault);
+ if (RT_UNLIKELY(!pRange))
+ {
+ iomUnlock(pVM);
+ return VERR_IOM_MMIO_RANGE_NOT_FOUND;
+ }
+ VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pRange);
 iomUnlock(pVM);
 return VBOXSTRICTRC_VAL(rcStrict);
 }
Index: include/VBox/vmm/hwacc_vmx.h
===================================================================
--- include/VBox/vmm/hwacc_vmx.h (revision 96156)
+++ include/VBox/vmm/hwacc_vmx.h (revision 96157)
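Review bot: The four cases added in the HWVMXR0.cpp hunk fall into the existing `rc = VERR_EM_INTERPRETER` path whose `@todo inject #UD immediately` is still open, so what the guest actually observes for INVEPT, INVVPID, INVPCID and VMFUNC depends on interpreter behaviour that is not visible in this hunk. A comment should record the intended outcome, e.g. `/* Not exposed to the guest; the interpreter is expected to raise #UD (see @todo). */`, if that is indeed the intent. The header change in the same revision also defines VMX_EXIT_RDRAND (57), yet no `case VMX_EXIT_RDRAND:` is added here; the rest of the switch lies outside the hunk, so please confirm that this exit is handled elsewhere or cannot occur with the controls that are enabled. The same applies to the HWVMXR0.cpp hunks at -4108, -4112 and -4799 in the other branch patches.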
@@ -525,6 +525,12 @@
 #define VMX_EXIT_WBINVD 54
 /** 55 XSETBV. Guest software attempted to execute XSETBV. */
 #define VMX_EXIT_XSETBV 55
+/** 57 RDRAND. Guest software attempted to execute RDRAND. */
+#define VMX_EXIT_RDRAND 57
+/** 58 INVPCID. Guest software attempted to execute INVPCID. */
+#define VMX_EXIT_INVPCID 58
+/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */
+#define VMX_EXIT_VMFUNC 59
 /** @} */
Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp
===================================================================
--- src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96156)
+++ src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96157)
@@ -4108,6 +4108,10 @@
 case VMX_EXIT_VMWRITE: /* 25 Guest software executed VMWRITE. */
 case VMX_EXIT_VMXOFF: /* 26 Guest software executed VMXOFF. */
 case VMX_EXIT_VMXON: /* 27 Guest software executed VMXON. */
+ case VMX_EXIT_INVEPT: /* 50 Guest software executed INVEPT. */
+ case VMX_EXIT_INVVPID: /* 53 Guest software executed INVVPID. */
+ case VMX_EXIT_INVPCID: /* 58 Guest software executed INVPCID. */
+ case VMX_EXIT_VMFUNC: /* 59 Guest software executed VMFUNC. */
 /** @todo inject #UD immediately */
 rc = VERR_EM_INTERPRETER;
 break;
Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp
===================================================================
--- src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95342)
+++ src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95343)
@@ -1696,7 +1696,14 @@
 if (rc2 == VERR_SEM_BUSY)
 return VINF_IOM_HC_MMIO_READ_WRITE;
 #endif
- VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMmioGetRange(pVM, GCPhysFault));
+ PIOMMMIORANGE pRange = iomMmioGetRange(pVM, GCPhysFault);
+ if (RT_UNLIKELY(!pRange))
+ {
+ IOM_UNLOCK(pVM);
+ return VERR_IOM_MMIO_RANGE_NOT_FOUND;
+ }
+
+ VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pRange);
 IOM_UNLOCK(pVM);
 return VBOXSTRICTRC_VAL(rcStrict);
 }
Index: include/VBox/vmm/hwacc_vmx.h
===================================================================
--- include/VBox/vmm/hwacc_vmx.h (revision 96156)
+++ include/VBox/vmm/hwacc_vmx.h (revision 96157)
@@ -525,6 +525,12 @@
 #define VMX_EXIT_WBINVD 54
 /** 55 XSETBV. Guest software attempted to execute XSETBV. */
 #define VMX_EXIT_XSETBV 55
+/** 57 RDRAND. Guest software attempted to execute RDRAND. */
+#define VMX_EXIT_RDRAND 57
+/** 58 INVPCID. Guest software attempted to execute INVPCID. */
+#define VMX_EXIT_INVPCID 58
+/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */
+#define VMX_EXIT_VMFUNC 59
 /** @} */
Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp
===================================================================
--- src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96156)
+++ src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96157)
@@ -4112,6 +4112,10 @@
 case VMX_EXIT_VMWRITE: /* 25 Guest software executed VMWRITE. */
 case VMX_EXIT_VMXOFF: /* 26 Guest software executed VMXOFF. */
 case VMX_EXIT_VMXON: /* 27 Guest software executed VMXON. */
+ case VMX_EXIT_INVEPT: /* 50 Guest software executed INVEPT. */
+ case VMX_EXIT_INVVPID: /* 53 Guest software executed INVVPID. */
+ case VMX_EXIT_INVPCID: /* 58 Guest software executed INVPCID. */
+ case VMX_EXIT_VMFUNC: /* 59 Guest software executed VMFUNC. */
 /** @todo inject #UD immediately */
 rc = VERR_EM_INTERPRETER;
 break;
Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp
===================================================================
--- src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95341)
+++ src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95342)
@@ -1705,7 +1705,14 @@
 if (rc2 == VERR_SEM_BUSY)
 return VINF_IOM_R3_MMIO_READ_WRITE;
 #endif
- VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMmioGetRange(pVM, GCPhysFault));
+ PIOMMMIORANGE pRange = iomMmioGetRange(pVM, GCPhysFault);
+ if (RT_UNLIKELY(!pRange))
+ {
+ IOM_UNLOCK(pVM);
+ return VERR_IOM_MMIO_RANGE_NOT_FOUND;
+ }
+
+ VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pRange);
 IOM_UNLOCK(pVM);
 return VBOXSTRICTRC_VAL(rcStrict);
 }
Index: include/VBox/vmm/hwacc_vmx.h
===================================================================
--- include/VBox/vmm/hwacc_vmx.h (revision 96120)
+++ include/VBox/vmm/hwacc_vmx.h (revision 96121)
@@ -550,6 +550,12 @@
 #define VMX_EXIT_WBINVD 54
 /** 55 XSETBV. Guest software attempted to execute XSETBV. */
 #define VMX_EXIT_XSETBV 55
+/** 57 RDRAND. Guest software attempted to execute RDRAND. */
+#define VMX_EXIT_RDRAND 57
+/** 58 INVPCID. Guest software attempted to execute INVPCID. */
+#define VMX_EXIT_INVPCID 58
+/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */
+#define VMX_EXIT_VMFUNC 59
 /** @} */
Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp
===================================================================
--- src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96120)
+++ src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96121)
@@ -4799,6 +4799,10 @@
 case VMX_EXIT_VMWRITE: /* 25 Guest software executed VMWRITE. */
 case VMX_EXIT_VMXOFF: /* 26 Guest software executed VMXOFF. */
 case VMX_EXIT_VMXON: /* 27 Guest software executed VMXON. */
+ case VMX_EXIT_INVEPT: /* 50 Guest software executed INVEPT. */
+ case VMX_EXIT_INVVPID: /* 53 Guest software executed INVVPID. */
+ case VMX_EXIT_INVPCID: /* 58 Guest software executed INVPCID. */
+ case VMX_EXIT_VMFUNC: /* 59 Guest software executed VMFUNC. */
 /** @todo inject #UD immediately */
 rc = VERR_EM_INTERPRETER;
 break;
--- End Message ---