Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 731658 (CVE-2020-15563, CVE-2020-15564, CVE-2020-15565, CVE-2020-15566, CVE-2020-15567)

Summary: <app-emulation/xen-4.12.3-r2: Multiple vulnerabilities (CVE-2020-{15563,15564,15565,15566,15567})
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: hydrapolic, xen
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/16637
https://bugs.gentoo.org/show_bug.cgi?id=733914
Whiteboard: B1 [glsa+ cve]
Package list:
app-emulation/xen-4.12.3-r2 amd64 app-emulation/xen-tools-4.12.3-r2 amd64 x86
 Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-08 00:01:32 UTC 
CVE-2020-15563 (https://xenbits.xen.org/xsa/advisory-319.html):

A malicious or buggy HVM guest may cause the hypervisor to crash,
resulting in Denial of Service (DoS) affecting the entire host.

CVE-2020-15564 (https://xenbits.xen.org/xsa/advisory-327.html):

A malicious guest administrator may cause a hypervisor crash, resulting in a
Denial of Service (DoS).

CVE-2020-15565 (https://xenbits.xen.org/xsa/advisory-321.html):

A malicious guest may be able to retain read/write DMA access to
frames returned to Xen's free pool, and later reused for another
purpose.  Host crashes (leading to a Denial of Service) and privilege
escalation cannot be ruled out.

CVE-2020-15566 (https://xenbits.xen.org/xsa/advisory-317.html):

When the administrator configured a guest to allow more than 1023
event channels, that guest may be able to crash the host.

When Xen is out-of-memory, allocation of new event channels will
result in crashing the host rather than reporting an error.

CVE-2020-15567 (https://xenbits.xen.org/xsa/advisory-328.html):

A guest administrator or perhaps even unprivileged guest user might
be able to cause denial of service, data corruption, or privilege
escalation.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-08 00:02:36 UTC 
Maintainer(s), please advise if we are affected.
Comment 2 Larry the Git Cow gentoo-dev 2020-07-09 13:47:29 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26c61df4e3510b1d417ae316f3f1b90ccd69dc88

commit 26c61df4e3510b1d417ae316f3f1b90ccd69dc88
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:36:41 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:24 +0000

    app-emulation/xen-tools: drop vulnerable
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   4 -
 app-emulation/xen-tools/files/gentoo-patches.conf  |  10 -
 app-emulation/xen-tools/xen-tools-4.12.2-r1.ebuild | 491 --------------------
 app-emulation/xen-tools/xen-tools-4.13.1-r1.ebuild | 505 ---------------------
 4 files changed, 1010 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ce2e27015be6d9aa7e32e3cde860a33b943de25

commit 8ce2e27015be6d9aa7e32e3cde860a33b943de25
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:34:41 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:21 +0000

    app-emulation/xen: drop vulnerable
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen/Manifest             |   1 -
 app-emulation/xen/xen-4.13.1-r1.ebuild | 165 ---------------------------------
 2 files changed, 166 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5361b6b1705f183a78f5fc0267eb31b21475e592

commit 5361b6b1705f183a78f5fc0267eb31b21475e592
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:34:14 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:17 +0000

    app-emulation/xen: add security patches
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen/Manifest             |   2 +
 app-emulation/xen/xen-4.12.3-r2.ebuild | 165 +++++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.13.1-r2.ebuild | 165 +++++++++++++++++++++++++++++++++
 3 files changed, 332 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bef3fea65ada379ef861c573c886f9c2e23761b

commit 9bef3fea65ada379ef861c573c886f9c2e23761b
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-07-08 08:33:45 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2020-07-09 13:45:14 +0000

    app-emulation/xen-tools: add security patches
    
    Bug: https://bugs.gentoo.org/731658
    Closes: https://github.com/gentoo/gentoo/pull/16637
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   2 +
 app-emulation/xen-tools/xen-tools-4.12.3-r2.ebuild | 500 ++++++++++++++++++++
 app-emulation/xen-tools/xen-tools-4.13.1-r2.ebuild | 505 +++++++++++++++++++++
 3 files changed, 1007 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-09 14:40:22 UTC 
Thank you.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 00:05:25 UTC 
amd64, x86: ping
Comment 5 Agostino Sarubbo gentoo-dev 2020-07-17 07:24:41 UTC 
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-07-17 07:45:08 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 7 Larry the Git Cow gentoo-dev 2020-07-18 00:00:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0944c6b2fc4279276065eebe18bef416d42781a

commit c0944c6b2fc4279276065eebe18bef416d42781a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-17 21:05:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 23:59:49 +0000

    app-emulation/xen: security cleanup
    
    Bug: https://bugs.gentoo.org/731658
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 app-emulation/xen/Manifest             |   1 -
 app-emulation/xen/xen-4.12.3-r1.ebuild | 165 ---------------------------------
 2 files changed, 166 deletions(-)
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:29:11 UTC 
This issue was resolved and addressed in
 GLSA 202007-02 at https://security.gentoo.org/glsa/202007-02
by GLSA coordinator Sam James (sam_c).