github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-05-31 03:15:42 +00:00
Code Issues Projects Releases Wiki Activity

doc: Add Advisory notes

Browse Source 
Signed-off-by: lirui34 <ruix.li@intel.com>
This commit is contained in:
lirui34 2019-11-06 16:48:17 +08:00 committed by wenlingz
parent 94394ae98d
commit c6bccd5cea
2 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
doc/asa.rst Normal file
View File

@ -0,0 +1,57 @@
.. _asa:
Advisory
********
We recommend all developers upgrade to this v1.4 release, which addresses these security
issues discovered in earlier releases:
AP Trampoline Is Accessible to Service VM
This vulnerability is triggered when validating the memory isolation between
VM and hypervisor. AP Trampoline code exists in LOW_RAM region in hypervisor but is
potentially accessible to service VM. This could be used by an attacker to mount DoS
attacks on the hypervisor if service VM is compromised.
| **Affected Release:** v1.3 and earlier.
| Its recommended to upgrade ACRN to release v1.4
Improper Usage Of ``LIST_FOREACH()`` macro
Testing discovered that the MACRO ``LIST_FOREACH()`` was incorrectly used for some cases
which may induce a "wild pointer" and cause ACRN Device Model crash. An attacker
could use this issue to cause a denial of service (DoS).
| **Affected Release:** v1.3 and earlier.
| Its recommended to upgrade ACRN to release v1.4
Hypervisor Crashed When Fuzzing HC_SET_CALLBACK_VECTOR
This vulnerability was reported by Fuzzing tool for debug version of ACRN. When software fails
to validate input properly, an attacker is able to craft the input in a form that is
not expected by the rest of the application. This can lead to parts of the system
receiving unintended input, which may result in altered control flow, arbitrary control
of a resource, or arbitrary code execution.
| **Affected Release:** v1.3 and earlier.
| Its recommended to upgrade ACRN to release v1.4
FILE Pointer Is Not Closed After Using
This vulnerability was reported by Fuzzing tool. Leaving the file unclosed will cause
leaking file descriptor and may cause unexpected errors in Device Model program.
| **Affected Release:** v1.3 and earlier.
| Its recommended to upgrade ACRN to release v1.4
Descriptor of Directory Stream Is Referenced After Release
This vulnerability was reported by Fuzzing tool. A successful call to ``closedir(DIR *dirp)``
also closes the underlying file descriptor associated with ``dirp``. Access to the released
descriptor may point to some arbitrary memory location or cause undefined behavior.
| **Affected Release:** v1.3 and earlier.
| Its recommended to upgrade ACRN to release v1.4
Mutex Is Potentially Kept in Locked State Forever
This vulnerability was reported by Fuzzing tool. pthread_mutex_lock/unlock pairing was not
always done. Leaving a mutex in a locked state forever can cause program deadlock,
depending on the usage scenario.
| **Affected Release:** v1.3 and earlier.
| Its recommended to upgrade ACRN to release v1.4

1
doc/index.rst
View File

@ -80,6 +80,7 @@ license.
contribute
reference/index
release_notes/index
asa
faq
.. _BSD 3-clause license: