Summary: | <app-emulation/xen-{4.13.2-r5,4.14.1-r1}: insufficient memory isolation between guests (CVE-2021-26933) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | trivial | CC: | hydrapolic, kernel, proxy-maint, security-kernel, xen |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
See Also: | https://github.com/gentoo/gentoo/pull/19543 | | |
Whiteboard: | ~4 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
John Helmert III
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e79e7791eb59e8afeb86e1ef75d5b955492c2e06

commit e79e7791eb59e8afeb86e1ef75d5b955492c2e06
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-02-19 13:33:20 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-02-21 16:07:56 +0000

    app-emulation/xen: add security patches

    Fixes XSA-364.

    Bug: https://bugs.gentoo.org/742272
    Bug: https://bugs.gentoo.org/771117
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   2 +
 app-emulation/xen/xen-4.13.2-r5.ebuild | 165 +++++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.14.1-r1.ebuild | 165 +++++++++++++++++++++++++++++++++
 3 files changed, 332 insertions(+)

Only patched for XSA-364? Are we unaffected for the other issues?

(In reply to John Helmert III (ajak) from comment #2)
> Only patched for XSA-364? Are we unaffected for the other issues?

The others are fixed in the kernel itself.

The fixes for 361,362,365 are in the queue, so for instance 5.4.100 will probably have the fixes.
XSA-361
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-arm-don-t-ignore-return-errors-from-set_phys_to_machine.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-gntdev-correct-dev_bus_addr-handling-in-gntdev_map_grant_pages.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-gntdev-correct-error-checking-in-gntdev_map_grant_pages.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-x86-also-check-kernel-mapping-in-set_foreign_p2m_mapping.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-x86-don-t-bail-early-from-clear_foreign_p2m_mapping.patch

XSA-362
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-blkback-don-t-handle-error-by-bug.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-netback-don-t-handle-error-by-bug.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-scsiback-don-t-handle-error-by-bug.patch

XSA-365
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.4/xen-blkback-fix-error-handling-in-xen_blkbk_map.patch

Fixes included in kernels:
5.10.18
5.4.100
4.19.177
4.14.222
4.9.258
4.4.258

(In reply to Tomáš Mózes from comment #5)
> Fixes included in kernels:
> 5.10.18
> 5.4.100
> 4.19.177
> 4.14.222
> 4.9.258
> 4.4.258

Thanks! Downgrading to B4 since XSA-364 seems to just be information disclosure.

(In reply to John Helmert III (ajak) from comment #6)
> (In reply to Tomáš Mózes from comment #5)
> > Fixes included in kernels:
> > 5.10.18
> > 5.4.100
> > 4.19.177
> > 4.14.222
> > 4.9.258
> > 4.4.258
>
> Thanks! Downgrading to B4 since XSA-364 seems to just be information
> disclosure.
And as such it's only affecting arm for which xen is only unstable, so down to ~4 and we'll keep stabling to enable cleanup. Sorry for all the noise.

amd64 done

all arches done

Please cleanup.

Cleanup done, closing.