https://xenbits.xen.org/xsa/advisory-447.html

ISSUE DESCRIPTION
=================

Arm provides multiple helpers to clean & invalidate the cache for a
given region. This is, for instance, used when allocating guest memory
to ensure any writes (such as the ones during scrubbing) have reached
memory before handing over the page to a guest.

Unfortunately, the arithmetics in the helpers can overflow and would
then result in skipping the cache cleaning/invalidation. Therefore there
is no guarantee when all the writes will reach the memory.

This undefined behavior was meant to be addressed by XSA-437, but the
approach was not sufficient.

IMPACT
======

A malicious guest may be able to read sensitive data from memory that
previously belonged to another guest.

VULNERABLE SYSTEMS
==================

Systems running all versions of Xen are affected.

Only systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit
is not affected.
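An added illustration of the failure mode the advisory describes; it is not code from Xen or from this bug report. It assumes a 64-byte cache line, models an Arm32 virtual address as a `uint32_t`, and uses hypothetical function names; the offset-based loop is one way to avoid the wrap, not a description of the upstream patch.

```c
#include <stdint.h>
#include <stdio.h>

#define LINE 64u /* assumed data cache line size in bytes */

/* Address-compare loop. uint32_t stands in for an Arm32 virtual address;
 * it wraps by definition, whereas overflowing a real pointer is undefined. */
static unsigned lines_touched_wrapping(uint32_t start, uint32_t size)
{
    uint32_t p = start & ~(LINE - 1);
    uint32_t end = start + size; /* wraps to 0 when the range ends at 4 GiB */
    unsigned n = 0;

    for (; p < end; p += LINE)
        n++; /* stands in for one clean & invalidate operation */
    return n;
}

/* Offset-compare loop: iterate over a byte count from the aligned base, so
 * no address beyond the last line of the range is ever computed. */
static unsigned lines_touched_indexed(uint32_t start, uint32_t size)
{
    uint32_t base = start & ~(LINE - 1);
    uint64_t span = (uint64_t)size + (start - base);
    unsigned n = 0;

    if (size == 0)
        return 0;
    for (uint64_t off = 0; off < span; off += LINE)
        n++; /* line at base + off */
    return n;
}

int main(void)
{
    /* Constructed input: the last 4 KiB page of a 32-bit address space. */
    uint32_t start = 0xfffff000u, size = 0x1000u;

    printf("wrapping: %u lines, indexed: %u lines\n",
           lines_touched_wrapping(start, size),
           lines_touched_indexed(start, size));
    return 0;
}
```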
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1da2b08b738151d1c02a097dbb56313d371dd9c7

commit 1da2b08b738151d1c02a097dbb56313d371dd9c7
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-01-08 16:35:11 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-01-09 08:52:43 +0000

    app-emulation/xen: add upstream patches

    Bug: https://bugs.gentoo.org/918669
    Bug: https://bugs.gentoo.org/921355
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/34713
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest               |   2 +
 app-emulation/xen/xen-4.16.6_pre2.ebuild | 174 ++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.17.3.ebuild      | 179 +++++++++++++++++++++++++++++++
 3 files changed, 355 insertions(+)