Bug 923741 (CVE-2023-46839, CVE-2023-46840, XSA-449, XSA-450)

Summary:	<app-emulation/xen-4..17.4_pre1: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Tomáš Mózes <hydrapolic>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	minor	CC:	ajak, hydrapolic, proxy-maint, xen
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/gentoo/gentoo/pull/35170 https://github.com/gentoo/gentoo/pull/36114
Whiteboard:	B4 [glsa?]
Package list:		Runtime testing required:	---
Bug Depends on:	928053
Bug Blocks:

Description Tomáš Mózes 2024-02-03 18:20:42 UTC

https://xenbits.xen.org/xsa/advisory-449.html

ISSUE DESCRIPTION
=================

PCI devices can make use of a functionality called phantom functions,
that when enabled allows the device to generate requests using the IDs
of functions that are otherwise unpopulated.  This allows a device to
extend the number of outstanding requests.

Such phantom functions need an IOMMU context setup, but failure to
setup the context is not fatal when the device is assigned.  Not
failing device assignment when such failure happens can lead to the
primary device being assigned to a guest, while some of the phantom
functions are assigned to a different domain.

IMPACT
======

Under certain circumstances a malicious guest assigned a PCI device
with phantom functions may be able to access memory from a previous
owner of the device.


https://xenbits.xen.org/xsa/advisory-450.html


ISSUE DESCRIPTION
=================

Incorrect placement of a preprocessor directive in source code results
in logic that doesn't operate as intended when support for HVM guests is
compiled out of Xen.

IMPACT
======

When a device is removed from a domain, it is not properly quarantined
and retains its access to the domain to which it was previously
assigned.

Comment 1 John Helmert III archtester

2024-02-03 19:02:06 UTC

Thanks for reporting!

Comment 2 Larry the Git Cow gentoo-dev

2024-03-28 11:21:24 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29e115efe6329ee27cca4aeaf6acf824ec8f835d

commit 29e115efe6329ee27cca4aeaf6acf824ec8f835d
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-02-03 18:37:58 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-03-28 11:21:11 +0000

    app-emulation/xen: add 4.17.4_pre1
    
    Fixes XSA-449, XSA-450
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest               |   1 +
 app-emulation/xen/xen-4.17.4_pre1.ebuild | 179 +++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59a177115c32b95d710f2dbc19cd056dbb6246f1

commit 59a177115c32b95d710f2dbc19cd056dbb6246f1
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-02-03 18:36:16 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-03-28 11:21:11 +0000

    app-emulation/xen-tools: add 4.17.4_pre1
    
    Fixes XSA-449, XSA-450
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   1 +
 .../xen-tools/xen-tools-4.17.4_pre1.ebuild         | 524 +++++++++++++++++++++
 2 files changed, 525 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-04-05 15:59:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb06f7878c3f925c09cc67bf3a42e472908174a8

commit bb06f7878c3f925c09cc67bf3a42e472908174a8
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-05 07:59:16 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-05 15:59:39 +0000

    app-emulation/xen-tools: drop 4.16.6_pre2, 4.17.3
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/36114
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   3 -
 .../xen-tools/xen-tools-4.16.6_pre2.ebuild         | 523 --------------------
 app-emulation/xen-tools/xen-tools-4.17.3.ebuild    | 524 ---------------------
 3 files changed, 1050 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df23a7f7594ff4e027e57bab01f4baa43a798905

commit df23a7f7594ff4e027e57bab01f4baa43a798905
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2024-04-05 07:58:45 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2024-04-05 15:59:39 +0000

    app-emulation/xen: drop 4.16.6_pre2, 4.17.3
    
    Bug: https://bugs.gentoo.org/923741
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest               |   3 -
 app-emulation/xen/xen-4.16.6_pre2.ebuild | 174 ------------------------------
 app-emulation/xen/xen-4.17.3.ebuild      | 179 -------------------------------
 3 files changed, 356 deletions(-)