Bug 923741 (CVE-2023-46839, CVE-2023-46840, XSA-449, XSA-450) - <app-emulation/xen-4.17.4_pre1: multiple vulnerabilities
Summary: <app-emulation/xen-4.17.4_pre1: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2023-46839, CVE-2023-46840, XSA-449, XSA-450
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [glsa?]
Keywords: PullRequest
Depends on: 928053
Reported: 2024-02-03 18:20 UTC by Tomáš Mózes
Modified: 2024-04-06 06:21 UTC

Description Tomáš Mózes 2024-02-03 18:20:42 UTC
https://xenbits.xen.org/xsa/advisory-449.html

ISSUE DESCRIPTION
=================

PCI devices can make use of a functionality called phantom functions,
that when enabled allows the device to generate requests using the IDs
of functions that are otherwise unpopulated.  This allows a device to
extend the number of outstanding requests.

Such phantom functions need an IOMMU context setup, but failure to
set up the context is not fatal when the device is assigned.  Not
failing device assignment when such failure happens can lead to the
primary device being assigned to a guest, while some of the phantom
functions are assigned to a different domain.

IMPACT
======

Under certain circumstances a malicious guest assigned a PCI device
with phantom functions may be able to access memory from a previous
owner of the device.


https://xenbits.xen.org/xsa/advisory-450.html


ISSUE DESCRIPTION
=================

Incorrect placement of a preprocessor directive in source code results
in logic that doesn't operate as intended when support for HVM guests is
compiled out of Xen.

IMPACT
======

When a device is removed from a domain, it is not properly quarantined
and retains its access to the domain to which it was previously
assigned.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-03 19:02:06 UTC
Thanks for reporting!
Comment 2 Larry the Git Cow gentoo-dev 2024-03-28 11:21:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29e115efe6329ee27cca4aeaf6acf824ec8f835d

commit 29e115efe6329ee27cca4aeaf6acf824ec8f835d
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-02-03 18:37:58 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-03-28 11:21:11 +0000

    app-emulation/xen: add 4.17.4_pre1
    
    Fixes XSA-449, XSA-450
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest               |   1 +
 app-emulation/xen/xen-4.17.4_pre1.ebuild | 179 +++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59a177115c32b95d710f2dbc19cd056dbb6246f1

commit 59a177115c32b95d710f2dbc19cd056dbb6246f1
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-02-03 18:36:16 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-03-28 11:21:11 +0000

    app-emulation/xen-tools: add 4.17.4_pre1
    
    Fixes XSA-449, XSA-450
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   1 +
 .../xen-tools/xen-tools-4.17.4_pre1.ebuild         | 524 +++++++++++++++++++++
 2 files changed, 525 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-04-05 15:59:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb06f7878c3f925c09cc67bf3a42e472908174a8

commit bb06f7878c3f925c09cc67bf3a42e472908174a8
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-05 07:59:16 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-05 15:59:39 +0000

    app-emulation/xen-tools: drop 4.16.6_pre2, 4.17.3
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/36114
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   3 -
 .../xen-tools/xen-tools-4.16.6_pre2.ebuild         | 523 --------------------
 app-emulation/xen-tools/xen-tools-4.17.3.ebuild    | 524 ---------------------
 3 files changed, 1050 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df23a7f7594ff4e027e57bab01f4baa43a798905

commit df23a7f7594ff4e027e57bab01f4baa43a798905
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-05 07:58:45 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-05 15:59:39 +0000

    app-emulation/xen: drop 4.16.6_pre2, 4.17.3
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest               |   3 -
 app-emulation/xen/xen-4.16.6_pre2.ebuild | 174 ------------------------------
 app-emulation/xen/xen-4.17.3.ebuild      | 179 -------------------------------
 3 files changed, 356 deletions(-)