Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 812485 (CVE-2021-28701, XSA-384) - <app-emulation/xen-{4.14.3,4.15.1}: race in XENMAPSPACE_grant_table (CVE-2021-28701)
Summary: <app-emulation/xen-{4.14.3,4.15.1}: race in XENMAPSPACE_grant_table (CVE-2021...
Status: RESOLVED FIXED
Alias: CVE-2021-28701, XSA-384
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: http://xenbits.xen.org/xsa/advisory-3...
Whiteboard: B4 [glsa+]
Keywords:
Depends on: CVE-2021-28694, CVE-2021-28695, CVE-2021-28696, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28700, XSA-378, XSA-379, XSA-380, XSA-382, XSA-383
Blocks:
  Show dependency tree
 
Reported: 2021-09-10 19:28 UTC by John Helmert III
Modified: 2022-08-14 14:34 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 19:28:42 UTC 
CVE-2021-28701:

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.
Comment 1 Larry the Git Cow gentoo-dev 2021-09-18 09:50:10 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2c2f779b6943e83e77b248b567c1e1d840c137

commit 4f2c2f779b6943e83e77b248b567c1e1d840c137
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-09-11 11:01:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-09-18 09:49:58 +0000

    app-emulation/xen: bump to 4.14.3/4.15.1
    
    Bug: https://bugs.gentoo.org/812485
    Bug: https://bugs.gentoo.org/810341
    Closes: https://bugs.gentoo.org/800935
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/22270
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-emulation/xen/Manifest                   |   2 +
 app-emulation/xen/files/xen-4.15-flask.patch |  13 +++
 app-emulation/xen/xen-4.14.3.ebuild          | 167 +++++++++++++++++++++++++++
 app-emulation/xen/xen-4.15.1.ebuild          | 167 +++++++++++++++++++++++++++
 4 files changed, 349 insertions(+)
Comment 2 Tomáš Mózes 2021-12-18 01:13:11 UTC 
This is done, tree clean.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:51:55 UTC 
GLSA request filed
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:30:49 UTC 
GLSA done, all done.
Comment 5 Larry the Git Cow gentoo-dev 2022-08-14 14:34:01 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1

commit 22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:28:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-23 ] Xen: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/810341
    Bug: https://bugs.gentoo.org/812485
    Bug: https://bugs.gentoo.org/816882
    Bug: https://bugs.gentoo.org/825354
    Bug: https://bugs.gentoo.org/832039
    Bug: https://bugs.gentoo.org/835401
    Bug: https://bugs.gentoo.org/850802
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-23.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)