https://xenbits.xen.org/xsa/advisory-454.html

x86 HVM hypercalls may trigger Xen bug check

ISSUE DESCRIPTION
=================

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to.

When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values.

Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.

IMPACT
======

A HVM or PVH guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

https://xenbits.xen.org/xsa/advisory-455.html

x86: Incorrect logic for BTC/SRSO mitigations

ISSUE DESCRIPTION
=================

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted.

For more details, see:
https://xenbits.xen.org/xsa/advisory-407.html
https://xenbits.xen.org/xsa/advisory-434.html

IMPACT
======

XSAs 407 and 434 are unmitigated, even when the patches are in place.
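
Added example, not part of the bug report and not Xen source: a simplified C model of the XSA-454 description, showing a continuation-time consistency check that assumes clear upper register halves, next to an entry path that normalises the registers first. All names (`guest_regs`, `xlat_check_ok`, `clip_on_entry`, `run_hypercall`) are hypothetical, and clipping on entry is an assumed way to remove the assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model with hypothetical names; only two argument registers. */
struct guest_regs { uint64_t rbx, rcx; };

/* Stand-in for the internal sanity check: for a guest outside 64-bit mode,
 * every argument register is expected to fit in 32 bits. A false return
 * marks the point where the real check would bring the host down. */
static bool xlat_check_ok(const struct guest_regs *r)
{
    return r->rbx == (uint32_t)r->rbx && r->rcx == (uint32_t)r->rcx;
}

/* Continuation setup: write the (perhaps updated) argument back. */
static bool create_continuation(struct guest_regs *r, bool mode64, uint32_t next_arg0)
{
    if (!mode64 && !xlat_check_ok(r))
        return false;              /* consistency check trips */
    r->rbx = next_arg0;
    return true;
}

/* Hardened entry: drop stale upper halves before anything relies on them. */
static void clip_on_entry(struct guest_regs *r, bool mode64)
{
    if (!mode64) {
        r->rbx = (uint32_t)r->rbx;
        r->rcx = (uint32_t)r->rcx;
    }
}

/* One preempted hypercall; returns true if the continuation was set up. */
static bool run_hypercall(struct guest_regs r, bool mode64, bool hardened)
{
    if (hardened)
        clip_on_entry(&r, mode64);
    return create_continuation(&r, mode64, (uint32_t)r.rbx + 1);
}

int main(void)
{
    /* Constructed input: upper half left over from earlier 64-bit code. */
    struct guest_regs stale = { 0xdeadbeef00000010ULL, 4 };
    printf("32-bit mode, unchecked entry: %s\n",
           run_hypercall(stale, false, false) ? "ok" : "check trips");
    printf("32-bit mode, clipped entry:   %s\n",
           run_hypercall(stale, false, true) ? "ok" : "check trips");
    return 0;
}
```
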
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d31f537201f13b73921965d76da5934c0045a4a9

commit d31f537201f13b73921965d76da5934c0045a4a9
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-10 06:23:29 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-10 06:43:18 +0000

    app-emulation/xen: add 4.17.4

    Fixes XSA-454, XSA-455

    Bug: https://bugs.gentoo.org/929038
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest          |   1 +
 app-emulation/xen/xen-4.17.4.ebuild | 179 ++++++++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7ce4f82dd1b7feb09f791b626796954fff357f2

commit d7ce4f82dd1b7feb09f791b626796954fff357f2
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-10 06:22:23 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-10 06:43:17 +0000

    app-emulation/xen-tools: add 4.17.4

    Fixes XSA-454, XSA-455

    Bug: https://bugs.gentoo.org/929038
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen-tools/Manifest                |   1 +
 app-emulation/xen-tools/xen-tools-4.17.4.ebuild | 524 ++++++++++++++++++++++++
 2 files changed, 525 insertions(+)