From ${URL} :

Xen Security Advisory XSA-163

virtual PMU is unsupported

ISSUE DESCRIPTION
=================

The Virtual Performance Measurement Unit feature has been documented as unsupported, so far only on Intel CPUs. Further issues have been found or are suspected which would also (or exclusively) affect AMD CPUs. We believe that the functionality is mostly intended for non-production use anyway.

Therefore this functionality is hereby documented as generally unsupported security-wise.

IMPACT
======

Use of the feature may have unknown effects, ranging from information leaks through Denial of Service to privilege escalation.

VULNERABLE SYSTEMS
==================

Only systems which enable the VPMU feature are affected. That is, only systems with a `vpmu' setting on the hypervisor command line.

Xen versions from 3.3 onwards are affected.

Only x86 systems are affected. ARM systems do not currently implement vPMU and are therefore currently unaffected; should this functionality be added to ARM in the future it would be covered by this exclusion.

In Xen versions prior to 4.6 only HVM guests can take advantage of this unsupported functionality. In Xen versions from 4.6 onwards all guest kinds can use this unsupported functionality.

MITIGATION
==========

Not enabling vPMU support (by omitting the "vpmu" hypervisor command line option) will avoid using and exposing the unsupported functionality.
Not sure what the requested action is. Basically if the user configures their system to enable a feature that is unsupported they will expose themselves to a security issue. There's no patch here.
There are patches for this. http://xenbits.xen.org/xsa/advisory-163.html
Actually I stand corrected - it does not have a patch: "Applying the attached patch documents the situation. The patch does not fix any security issues."
I do not see the patch in the tree. @maintainer, how do you want to handle this?
This issue was resolved and addressed in GLSA 201604-03 at https://security.gentoo.org/glsa/201604-03 by GLSA coordinator Yury German (BlueKnight).
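The advisory's MITIGATION section comes down to one audit question: does the hypervisor command line carry a `vpmu` setting? The following check is an added example, not part of the advisory or of this bug's comments. The function name `vpmu_state`, the sample command lines, and the list of "false" spellings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a Xen hypervisor command line with respect to XSA-163.
# On a running dom0 the string can be taken from the "xen_commandline" line of
# `xl info`; here it is passed in as an argument so the check also works on a
# bootloader entry that has not been booted yet.

# vpmu_state CMDLINE -> prints "enabled", "disabled" or "absent"
# Conservative on purpose: once any token enables vPMU the result stays
# "enabled", even if a later token appears to switch it off again.
vpmu_state() {
    state=absent
    set -f                      # no glob expansion while splitting tokens
    for tok in $1; do
        case "$tok" in
            vpmu)
                state=enabled ;;
            vpmu=*)
                val=${tok#vpmu=}
                case "$val" in
                    # Assumed spellings of a false boolean value.
                    0|no|off|false|disable)
                        [ "$state" = enabled ] || state=disabled ;;
                    # Any other value is treated as turning the feature on.
                    *)
                        state=enabled ;;
                esac ;;
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# Constructed sample command lines, not taken from any real host.
for sample in \
    'dom0_mem=4096M,max:4096M console=vga' \
    'dom0_mem=4096M vpmu console=com1' \
    'loglvl=all vpmu=bts' \
    'loglvl=all vpmu=off'
do
    printf '%-45s -> %s\n' "$sample" "$(vpmu_state "$sample")"
done
```

A result of `enabled` means the host is running the functionality the advisory declares unsupported security-wise; the fix is to remove the option from the bootloader's Xen command line and reboot.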