https://xenbits.xen.org/xsa/advisory-454.html

x86 HVM hypercalls may trigger Xen bug check

ISSUE DESCRIPTION
=================

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to.

When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values.

Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.

IMPACT
======

A HVM or PVH guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

https://xenbits.xen.org/xsa/advisory-455.html

x86: Incorrect logic for BTC/SRSO mitigations

ISSUE DESCRIPTION
=================

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted.

For more details, see:
https://xenbits.xen.org/xsa/advisory-407.html
https://xenbits.xen.org/xsa/advisory-434.html

IMPACT
======

XSAs 407 and 434 are unmitigated, even when the patches are in place.
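
A simplified C model of the XSA-454 failure described above, added here as an illustration; it is not part of the bug report and not Xen code. The struct, the function names and the entry-time clipping are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the five argument registers of a 32-bit-mode
 * hypercall as the hypervisor sees them: always 64 bits wide. */
struct model_regs { uint64_t arg[5]; };

/* Models the consistency check from the advisory: before an updated
 * argument is written back for a continuation, the register is expected
 * to hold a value 32-bit code could have set. Returns false where the
 * real hypervisor would hit its bug check. */
static bool continuation_write(struct model_regs *r, unsigned int i, uint32_t v)
{
    if (r->arg[i] != (uint32_t)r->arg[i])
        return false;               /* high half set: assumption violated */
    r->arg[i] = v;
    return true;
}

/* Assumed hardening for this model: clip argument registers to 32 bits
 * at hypercall entry when the guest is not in 64-bit mode, so later
 * code never sees a non-zero high half. */
static void clip_on_entry(struct model_regs *r, bool guest_64bit)
{
    if (guest_64bit)
        return;
    for (unsigned int i = 0; i < 5; i++)
        r->arg[i] = (uint32_t)r->arg[i];
}

/* Runs one modelled continuation; returns true if it completed. */
static bool run_case(uint64_t initial, bool clip)
{
    struct model_regs r = { .arg = { initial, 0, 0, 0, 0 } };
    if (clip)
        clip_on_entry(&r, false);
    return continuation_write(&r, 0, 0x1000u) && r.arg[0] == 0x1000u;
}

int main(void)
{
    /* Constructed inputs, not taken from any real guest. */
    printf("clean regs, no clip:     %d\n", run_case(0x10u, false));
    printf("high half set, no clip:  %d\n", run_case(0xdeadbeef00000010ULL, false));
    printf("high half set, clipped:  %d\n", run_case(0xdeadbeef00000010ULL, true));
    return 0;
}
```
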
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d31f537201f13b73921965d76da5934c0045a4a9

commit d31f537201f13b73921965d76da5934c0045a4a9
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-10 06:23:29 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-10 06:43:18 +0000

    app-emulation/xen: add 4.17.4

    Fixes XSA-454, XSA-455

    Bug: https://bugs.gentoo.org/929038
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest | 1 +
 app-emulation/xen/xen-4.17.4.ebuild | 179 ++++++++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7ce4f82dd1b7feb09f791b626796954fff357f2

commit d7ce4f82dd1b7feb09f791b626796954fff357f2
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-10 06:22:23 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-10 06:43:17 +0000

    app-emulation/xen-tools: add 4.17.4

    Fixes XSA-454, XSA-455

    Bug: https://bugs.gentoo.org/929038
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen-tools/Manifest | 1 +
 app-emulation/xen-tools/xen-tools-4.17.4.ebuild | 524 ++++++++++++++++++++++++
 2 files changed, 525 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c37fde91730804f6895e61e65b1d98c215efbf9

commit 1c37fde91730804f6895e61e65b1d98c215efbf9
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-05-28 16:39:56 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-05-29 08:31:35 +0000

    app-emulation/xen: drop 4.17.4_pre2

    Bug: https://bugs.gentoo.org/929038
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/36435
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest | 2 -
 app-emulation/xen/xen-4.17.4_pre2.ebuild | 179 -------------------------------
 2 files changed, 181 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ea0d6e72b1ba346264d25ab8bdd78f6551eaaadf

commit ea0d6e72b1ba346264d25ab8bdd78f6551eaaadf
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-22 06:41:59 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-22 06:42:08 +0000

    [ GLSA 202409-10 ] Xen: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/918669
    Bug: https://bugs.gentoo.org/921355
    Bug: https://bugs.gentoo.org/923741
    Bug: https://bugs.gentoo.org/928620
    Bug: https://bugs.gentoo.org/929038
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-10.xml | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)