Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 731658 (CVE-2020-15563, CVE-2020-15564, CVE-2020-15565, CVE-2020-15566, CVE-2020-15567) - <app-emulation/xen-4.12.3-r2: Multiple vulnerabilities (CVE-2020-{15563,15564,15565,15566,15567})
Summary: <app-emulation/xen-4.12.3-r2: Multiple vulnerabilities (CVE-2020-{15563,15564...
Status: RESOLVED FIXED
Alias: CVE-2020-15563, CVE-2020-15564, CVE-2020-15565, CVE-2020-15566, CVE-2020-15567
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-08 00:01 UTC by John Helmert III
Modified: 2020-07-26 23:29 UTC (History)
2 users (show)

See Also:
Package list:
app-emulation/xen-4.12.3-r2 amd64 app-emulation/xen-tools-4.12.3-r2 amd64 x86
Runtime testing required: ---
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-08 00:01:32 UTC 
CVE-2020-15563 (https://xenbits.xen.org/xsa/advisory-319.html):

A malicious or buggy HVM guest may cause the hypervisor to crash,
resulting in Denial of Service (DoS) affecting the entire host.

CVE-2020-15564 (https://xenbits.xen.org/xsa/advisory-327.html):

A malicious guest administrator may cause a hypervisor crash, resulting in a
Denial of Service (DoS).

CVE-2020-15565 (https://xenbits.xen.org/xsa/advisory-321.html):

A malicious guest may be able to retain read/write DMA access to
frames returned to Xen's free pool, and later reused for another
purpose.  Host crashes (leading to a Denial of Service) and privilege
escalation cannot be ruled out.

CVE-2020-15566 (https://xenbits.xen.org/xsa/advisory-317.html):

When the administrator configured a guest to allow more than 1023
event channels, that guest may be able to crash the host.

When Xen is out-of-memory, allocation of new event channels will
result in crashing the host rather than reporting an error.

CVE-2020-15567 (https://xenbits.xen.org/xsa/advisory-328.html):

A guest administrator or perhaps even unprivileged guest user might
be able to cause denial of service, data corruption, or privilege
escalation.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-08 00:02:36 UTC 
Maintainer(s), please advise if we are affected.
Comment 2 Larry the Git Cow gentoo-dev 2020-07-09 13:47:29 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26c61df4e3510b1d417ae316f3f1b90ccd69dc88

commit 26c61df4e3510b1d417ae316f3f1b90ccd69dc88
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:36:41 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:24 +0000

    app-emulation/xen-tools: drop vulnerable
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   4 -
 app-emulation/xen-tools/files/gentoo-patches.conf  |  10 -
 app-emulation/xen-tools/xen-tools-4.12.2-r1.ebuild | 491 --------------------
 app-emulation/xen-tools/xen-tools-4.13.1-r1.ebuild | 505 ---------------------
 4 files changed, 1010 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ce2e27015be6d9aa7e32e3cde860a33b943de25

commit 8ce2e27015be6d9aa7e32e3cde860a33b943de25
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:34:41 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:21 +0000

    app-emulation/xen: drop vulnerable
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen/Manifest             |   1 -
 app-emulation/xen/xen-4.13.1-r1.ebuild | 165 ---------------------------------
 2 files changed, 166 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5361b6b1705f183a78f5fc0267eb31b21475e592

commit 5361b6b1705f183a78f5fc0267eb31b21475e592
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:34:14 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:17 +0000

    app-emulation/xen: add security patches
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen/Manifest             |   2 +
 app-emulation/xen/xen-4.12.3-r2.ebuild | 165 +++++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.13.1-r2.ebuild | 165 +++++++++++++++++++++++++++++++++
 3 files changed, 332 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bef3fea65ada379ef861c573c886f9c2e23761b

commit 9bef3fea65ada379ef861c573c886f9c2e23761b
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:33:45 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:14 +0000

    app-emulation/xen-tools: add security patches
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   2 +
 app-emulation/xen-tools/xen-tools-4.12.3-r2.ebuild | 500 ++++++++++++++++++++
 app-emulation/xen-tools/xen-tools-4.13.1-r2.ebuild | 505 +++++++++++++++++++++
 3 files changed, 1007 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-09 14:40:22 UTC 
Thank you.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 00:05:25 UTC 
amd64, x86: ping
Comment 5 Agostino Sarubbo gentoo-dev 2020-07-17 07:24:41 UTC 
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-07-17 07:45:08 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 7 Larry the Git Cow gentoo-dev 2020-07-18 00:00:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0944c6b2fc4279276065eebe18bef416d42781a

commit c0944c6b2fc4279276065eebe18bef416d42781a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-17 21:05:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 23:59:49 +0000

    app-emulation/xen: security cleanup
    
    Bug: https://bugs.gentoo.org/731658
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 app-emulation/xen/Manifest             |   1 -
 app-emulation/xen/xen-4.12.3-r1.ebuild | 165 ---------------------------------
 2 files changed, 166 deletions(-)
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:29:11 UTC 
This issue was resolved and addressed in
 GLSA 202007-02 at https://security.gentoo.org/glsa/202007-02
by GLSA coordinator Sam James (sam_c).