| 1 | +.. _asa: |
| 2 | + |
| 3 | +Advisory |
| 4 | +******** |
| 5 | + |
| 6 | +We recommend all developers upgrade to this v1.4 release, which addresses these security |
| 7 | +issues discovered in earlier releases: |
| 8 | + |
| 9 | +AP Trampoline Is Accessible to Service VM |
| 10 | + This vulnerability is triggered when validating the memory isolation between |
| 11 | + VM and hypervisor. AP Trampoline code exists in LOW_RAM region in hypervisor but is |
| 12 | + potentially accessible to service VM. This could be used by an attacker to mount DoS |
| 13 | + attacks on the hypervisor if service VM is compromised. |
| 14 | + |
| 15 | + | **Affected Release:** v1.3 and earlier. |
| 16 | + | It’s recommended to upgrade ACRN to release v1.4 |
| 17 | +
|
| 18 | +Improper Usage Of ``LIST_FOREACH()`` macro |
| 19 | + Testing discovered that the MACRO ``LIST_FOREACH()`` was incorrectly used for some cases |
| 20 | + which may induce a "wild pointer" and cause ACRN Device Model crash. An attacker |
| 21 | + could use this issue to cause a denial of service (DoS). |
| 22 | + |
| 23 | + | **Affected Release:** v1.3 and earlier. |
| 24 | + | It’s recommended to upgrade ACRN to release v1.4 |
| 25 | +
|
| 26 | +Hypervisor Crashed When Fuzzing HC_SET_CALLBACK_VECTOR |
| 27 | + This vulnerability was reported by Fuzzing tool for debug version of ACRN. When software fails |
| 28 | + to validate input properly, an attacker is able to craft the input in a form that is |
| 29 | + not expected by the rest of the application. This can lead to parts of the system |
| 30 | + receiving unintended input, which may result in altered control flow, arbitrary control |
| 31 | + of a resource, or arbitrary code execution. |
| 32 | + |
| 33 | + | **Affected Release:** v1.3 and earlier. |
| 34 | + | It’s recommended to upgrade ACRN to release v1.4 |
| 35 | +
|
| 36 | +FILE Pointer Is Not Closed After Using |
| 37 | + This vulnerability was reported by Fuzzing tool. Leaving the file unclosed will cause |
| 38 | + leaking file descriptor and may cause unexpected errors in Device Model program. |
| 39 | + |
| 40 | + | **Affected Release:** v1.3 and earlier. |
| 41 | + | It’s recommended to upgrade ACRN to release v1.4 |
| 42 | +
|
| 43 | +Descriptor of Directory Stream Is Referenced After Release |
| 44 | + This vulnerability was reported by Fuzzing tool. A successful call to ``closedir(DIR *dirp)`` |
| 45 | + also closes the underlying file descriptor associated with ``dirp``. Access to the released |
| 46 | + descriptor may point to some arbitrary memory location or cause undefined behavior. |
| 47 | + |
| 48 | + | **Affected Release:** v1.3 and earlier. |
| 49 | + | It’s recommended to upgrade ACRN to release v1.4 |
| 50 | +
|
| 51 | +Mutex Is Potentially Kept in Locked State Forever |
| 52 | + This vulnerability was reported by Fuzzing tool. pthread_mutex_lock/unlock pairing was not |
| 53 | + always done. Leaving a mutex in a locked state forever can cause program deadlock, |
| 54 | + depending on the usage scenario. |
| 55 | + |
| 56 | + | **Affected Release:** v1.3 and earlier. |
| 57 | + | It’s recommended to upgrade ACRN to release v1.4 |
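Review bot: none of the six advisory entries references the fixing commit, a CVE number, or a tracking issue, so a reader cannot verify which change closed each item; add a line such as `| **Fixed in:** <commit or issue reference>` to each line block alongside `**Affected Release:**`. The `HC_SET_CALLBACK_VECTOR` entry (lines 26-31) also says the crash "was reported by Fuzzing tool for debug version of ACRN" yet lists "v1.3 and earlier" as affected without saying whether release builds are exposed; state that explicitly, since it changes the urgency for deployments. Minor: each "It’s recommended to upgrade ACRN to release v1.4" line lacks a trailing period, "Fuzzing tool" should be lower-case "fuzzing tool", and "AP Trampoline code exists in LOW_RAM region in hypervisor" reads better as "in the LOW_RAM region of the hypervisor".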