Bug 659442 (CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, XSA-264, XSA-265, XSA-266) - <app-emulation/xen-{4.10.1-r1,4.11.0}: multiple vulnerabilities (XSA-{264,265,266})
Status: RESOLVED FIXED
Alias: CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, XSA-264, XSA-265, XSA-266
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on: XSA-268, XSA-269, XSA-272, XSA-273
Blocks:
Reported: 2018-06-27 21:53 UTC by Vlad K.
Modified: 2018-10-30 21:06 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Vlad K. 2018-06-27 21:53:34 UTC
Multiple vulnerabilities have been found in the Xen hypervisor:

* CVE-2018-12891 (XSA-264)
  http://xenbits.xen.org/xsa/advisory-264.html

  Preemption checks bypassed in x86 PV MM handling.

  All Xen versions from 3.4 onwards are vulnerable.


* CVE-2018-12892 (XSA-266)
  http://xenbits.xen.org/xsa/advisory-266.html

  libxl fails to honour readonly flag on HVM emulated SCSI disks

  The vulnerability is present in Xen versions 4.7 and later.


* CVE-2018-12893 (XSA-265)
  http://xenbits.xen.org/xsa/advisory-265.html

  x86: #DB exception safety check can be triggered by a guest

  One of the fixes in XSA-260 added some safety checks to help prevent Xen
  livelocking with debug exceptions. Unfortunately, due to an oversight, at
  least one of these safety checks can be triggered by a guest.

  All Xen systems which have applied the XSA-260 fix are vulnerable.


--

Gentoo Security Scout
Vladimir Krstulja
Comment 1 Vlad K. 2018-06-27 22:22:27 UTC
Revising severity: no specific configuration required, and per XSA-266 the domU users may be able to modify assigned read-only SCSI disk images.
Comment 2 Larry the Git Cow gentoo-dev 2018-07-17 11:07:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ef4e6575bdfb96b79db1469f37a5b9c3de2ab17

commit 2ef4e6575bdfb96b79db1469f37a5b9c3de2ab17
Author:     Tomas Mozes <hydrapolic@gmail.com>
AuthorDate: 2018-07-13 16:55:30 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-07-17 11:06:56 +0000

    app-emulation/xen: bump to 4.11.0
    
    Bug: https://bugs.gentoo.org/659442
    Package-Manager: Portage-2.3.42, Repoman-2.3.9

 app-emulation/xen-tools/Manifest    |   2 +-
 app-emulation/xen/Manifest          |   3 +-
 app-emulation/xen/xen-4.11.0.ebuild | 172 ++++++++++++++++++++++++++++++++++++
 3 files changed, 175 insertions(+), 2 deletions(-)
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-10 09:54:00 UTC
Added to an existing GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-10-30 21:06:43 UTC
This issue was resolved and addressed in
 GLSA 201810-06 at https://security.gentoo.org/glsa/201810-06
by GLSA coordinator Thomas Deutschmann (whissi).