Bug 744202 (CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25598, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604, XSA-333, XSA-334, XSA-336, XSA-337, XSA-338, XSA-339, XSA-340, XSA-342, XSA-343, XSA-344)

Summary:	<app-emulation/xen-{4.13.1-r4, 4.14.0-r1}: Multiple vulnerabilities (XSA-{333,334,336,337,338,339,340,342,343,344})
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	hydrapolic, proxy-maint, xen
Priority:	Normal	Flags:	nattka: sanity-check-
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/gentoo/gentoo/pull/17638 https://bugs.gentoo.org/show_bug.cgi?id=738040
Whiteboard:	B1 [glsa+ cve]
Package list:	app-emulation/xen-4.13.1-r4 amd64 app-emulation/xen-tools-4.13.1-r4	Runtime testing required:	---

Description Sam James archtester

2020-09-23 03:35:06 UTC

* XSA-333 (CVE-2020-25602)

Description:
"x86 pv: Crash when handling guest access to MSR_MISC_ENABLE"

URL: https://xenbits.xen.org/xsa/advisory-333.html

* XSA-334 (CVE-2020-25598)

Description:
"Missing unlock in XENMEM_acquire_resource error path"

URL: https://xenbits.xen.org/xsa/advisory-334.html

* XSA-336 (CVE-2020-25604)

Description:
"race when migrating timers between x86 HVM vCPU-s"

URL: https://xenbits.xen.org/xsa/advisory-336.html

* XSA-337 (CVE-2020-25595)

Description:
"PCI passthrough code reading back hardware registers"

URL: https://xenbits.xen.org/xsa/advisory-337.html

* XSA-338 (CVE-2020-25597)

Description:
"once valid event channels may not turn invalid"

URL: https://xenbits.xen.org/xsa/advisory-338.html

* XSA-339 (CVE-2020-25596)

Description:
"x86 pv guest kernel DoS via SYSENTER"

URL: https://xenbits.xen.org/xsa/advisory-339.html

* XSA-340 (CVE-2020-25603)

Description:
"Missing memory barriers when accessing/allocating an event channel"

URL: https://xenbits.xen.org/xsa/advisory-340.html

* XSA-342 (CVE-2020-25600)

Description:
"out of bounds event channels available to 32-bit x86 domains"

URL: https://xenbits.xen.org/xsa/advisory-342.html

* XSA-343 (CVE-2020-25599)

Description:
"races with evtchn_reset()"

URL: https://xenbits.xen.org/xsa/advisory-343.html

* XSA-344 (CVE-2020-25601)

Description:
"lack of preemption in evtchn_reset() / evtchn_destroy()"

URL: https://xenbits.xen.org/xsa/advisory-344.html

Comment 1 Sam James archtester

2020-09-29 20:03:08 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=624e7297911faa220e0657b95d92afa07e471d6b

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a434d993761f0a13deb5602cb0efb7d5c4f992a

Comment 2 Agostino Sarubbo gentoo-dev

2020-10-07 07:11:47 UTC

x86 stable

Comment 3 Agostino Sarubbo gentoo-dev

2020-10-09 08:33:34 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 4 NATTkA bot gentoo-dev

2020-11-10 15:33:47 UTC

Unable to check for sanity:

> no match for package: app-emulation/xen-4.13.1-r4

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2020-11-11 03:49:49 UTC

This issue was resolved and addressed in
 GLSA 202011-06 at https://security.gentoo.org/glsa/202011-06
by GLSA coordinator Sam James (sam_c).