Summary: | <app-emulation/xen-{4.16.6_pre2,4.17.3}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Fore <csfore> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | ajak, hydrapolic, proxy-maint, xen |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://xenbits.xenproject.org/xsa/advisory-443.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/34713 | ||
Whiteboard: | B2 [glsa?] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 922051 | ||
Bug Blocks: |
Description
Christopher Fore
2023-11-27 19:17:01 UTC
CVE-2022-42336/XSA-431 (https://xenbits.xenproject.org/xsa/advisory-431.html): An attacker with control over a guest can mislead other guests into observing SSBD active when it is not.

CVE-2023-34320/XSA-436 (https://xenbits.xenproject.org/xsa/advisory-436.html): A (malicious) guest that doesn't include the workaround for erratum 1508412 could deadlock the core. This will ultimately result in a deadlock of the system.

CVE-2023-34319/XSA-432 (https://xenbits.xenproject.org/xsa/advisory-432.html): An unprivileged guest can cause Denial of Service (DoS) of the host by sending network packets to the backend, causing the backend to crash. Data corruption or privilege escalation seem unlikely but have not been ruled out.

CVE-2023-34321/XSA-437 (https://xenbits.xenproject.org/xsa/advisory-437.html): A malicious guest may be able to read sensitive data from memory that previously belonged to another guest.

CVE-2023-34322/XSA-438 (https://xenbits.xenproject.org/xsa/advisory-438.html): Privilege escalation, Denial of Service (DoS) affecting the entire host, and information leaks all cannot be ruled out.

CVE-2023-20588/XSA-439 (https://xenbits.xenproject.org/xsa/advisory-439.html): An attacker might be able to infer data from a different execution context on the same CPU core.

CVE-2023-34323/XSA-440 (https://xenbits.xenproject.org/xsa/advisory-440.html): A malicious guest could craft a transaction that will hit the C Xenstored bug and crash it. This will result in the inability to perform any further domain administration like starting new guests, or adding/removing resources to or from any existing guest.

CVE-2023-34324/XSA-441 (https://xenbits.xenproject.org/xsa/advisory-441.html): A (malicious) guest administrator could cause a denial of service (DoS) in a backend domain (other than dom0) by disabling a paravirtualized device. A malicious backend could cause DoS in a guest running a Linux kernel by disabling a paravirtualized device.

CVE-2023-34326/XSA-442 (https://xenbits.xenproject.org/xsa/advisory-442.html): Privilege escalation, Denial of Service (DoS) affecting the entire host, and information leaks.

CVE-2023-34327/CVE-2023-34328/XSA-444 (https://xenbits.xenproject.org/xsa/advisory-444.html): For CVE-2023-34327, any guest (PV or HVM) using Debug Masks normally for its own purposes can cause incorrect behaviour in an unrelated HVM vCPU, most likely resulting in a guest crash. For CVE-2023-34328, a buggy or malicious PV guest kernel can lock up the host.

CVE-2023-34325/CVE-2022-4949/XSA-443 (https://xenbits.xenproject.org/xsa/advisory-443.html): A guest using pygrub can escalate its privilege to that of the domain construction tools (i.e., normally, to control of the host).

CVE-2023-46835/XSA-445 (https://xenbits.xenproject.org/xsa/advisory-445.html): A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.

CVE-2023-46836/XSA-446 (https://xenbits.xenproject.org/xsa/advisory-446.html): An attacker in a PV guest might be able to infer the contents of memory belonging to other guests.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1da2b08b738151d1c02a097dbb56313d371dd9c7

commit 1da2b08b738151d1c02a097dbb56313d371dd9c7
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-01-08 16:35:11 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-01-09 08:52:43 +0000

    app-emulation/xen: add upstream patches

    Bug: https://bugs.gentoo.org/918669
    Bug: https://bugs.gentoo.org/921355
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/34713
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest | 2 +
 app-emulation/xen/xen-4.16.6_pre2.ebuild | 174 ++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.17.3.ebuild | 179 +++++++++++++++++++++++++++++++
 3 files changed, 355 insertions(+)