1) CVE-2020-11740, CVE-2020-11741 Impact: "A malicious guest may be able to access sensitive information pertaining to other guests. Guests with "active profiling" enabled can crash the host (DoS). Privilege escalation cannot be ruled out." Advisory: https://lists.xenproject.org/archives/html/xen-announce/2020-04/msg00000.html 2) CVE-2020-11739 Impact: "A malicous guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded." Advisory: https://lists.xenproject.org/archives/html/xen-announce/2020-04/msg00002.html 3) CVE-2020-11743 Impact: "A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain." Advisory: https://lists.xenproject.org/archives/html/xen-announce/2020-04/msg00003.html 4) Impact: "A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause in crashes or other incorrect behaviour." Advisory: https://lists.xenproject.org/archives/html/xen-announce/2020-04/msg00001.html --- Please see the linked advisories for detailed information on the vulnerabilities and patches.
(In reply to Sam James (sec padawan) from comment #0) > 4) > This is CVE-2020-11742. --- @maintainer(s), please create an appropriate ebuild with upstream's patches.
[PR: https://github.com/gentoo/gentoo/pull/15343 will be updated soon with the patches.]
(In reply to Sam James (sec padawan) from comment #2) > [PR: https://github.com/gentoo/gentoo/pull/15343 will be updated soon with > the patches.] Done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b925c44559bb0a48f9b5c211b00fa2dc6828a2af commit b925c44559bb0a48f9b5c211b00fa2dc6828a2af Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2020-04-14 10:44:46 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2020-04-15 15:48:15 +0000 app-emulation/xen: add patches for 4.13 Fix Xen security bugs CVE-2020-{11739,11740,11741,11742,11743} Bug: https://bugs.gentoo.org/717446 Closes: https://github.com/gentoo/gentoo/pull/15343 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Yixun Lan <dlan@gentoo.org> app-emulation/xen/Manifest | 1 + app-emulation/xen/xen-4.13.0-r3.ebuild | 165 +++++++++++++++++++++++++++++++++ 2 files changed, 166 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf59763275a84bed50e046890ee51fd66de3cb40 commit bf59763275a84bed50e046890ee51fd66de3cb40 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2020-04-14 10:43:49 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2020-04-15 15:48:12 +0000 app-emulation/xen: add patches for 4.12 Fix Xen security bugs CVE-2020-{11739,11740,11741,11742,11743} Bug: https://bugs.gentoo.org/717446 Closes: https://github.com/gentoo/gentoo/pull/15343 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Yixun Lan <dlan@gentoo.org> app-emulation/xen/Manifest | 1 + app-emulation/xen/xen-4.12.2-r2.ebuild | 165 +++++++++++++++++++++++++++++++++ 2 files changed, 166 insertions(+)
@maintainer(s), please advise if ready for stabilisation, or call yourself. Thanks.
ago has let me know that stabilisation is blocked on these: bug 717700 bug 717698
(In reply to Sam James (sec padawan) from comment #6) > ago has let me know that stabilisation is blocked on these: > bug 717700 > bug 717698 Changing to "see also" because ago explained they are not formal blockers, but blockers for his process.
@ago: your blockers have been fixed, please proceed
amd64 stable
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11be7af2a980a01a1cc4b4676209d70a85ae3818 commit 11be7af2a980a01a1cc4b4676209d70a85ae3818 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2020-04-28 11:57:37 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2020-04-30 14:42:44 +0000 app-emulation/xen: drop vulnerable version Bug: https://bugs.gentoo.org/717446 Closes: https://github.com/gentoo/gentoo/pull/15554 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Yixun Lan <dlan@gentoo.org> app-emulation/xen/Manifest | 1 - app-emulation/xen/xen-4.12.2-r1.ebuild | 165 --------------------------------- 2 files changed, 166 deletions(-)
Thanks!
This issue was resolved and addressed in GLSA 202005-08 at https://security.gentoo.org/glsa/202005-08 by GLSA coordinator Thomas Deutschmann (whissi).
@Whissi, please change the vulnerable xen-tools version to <app-emulation/xen-tools-4.12.2-r1 (not app-emulation/xen-tools-4.12.2-r2) as we don't have -r2 in the tree. Thanks.
https://gitweb.gentoo.org/data/glsa.git/commit/?id=8f997a18382e6fd1fe9722aff738fb088141123c
Thanks @Whissi
