Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 812485 (CVE-2021-28701, XSA-384) - <app-emulation/xen-{4.14.3,4.15.1}: race in XENMAPSPACE_grant_table (CVE-2021-28701)
Summary: <app-emulation/xen-{4.14.3,4.15.1}: race in XENMAPSPACE_grant_table (CVE-2021...
Alias: CVE-2021-28701, XSA-384
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa+]
Depends on: CVE-2021-28694, CVE-2021-28695, CVE-2021-28696, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28700, XSA-378, XSA-379, XSA-380, XSA-382, XSA-383
  Show dependency tree
Reported: 2021-09-10 19:28 UTC by John Helmert III
Modified: 2022-08-14 14:34 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 19:28:42 UTC

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.
Comment 1 Larry the Git Cow gentoo-dev 2021-09-18 09:50:10 UTC
The bug has been referenced in the following commit(s):

commit 4f2c2f779b6943e83e77b248b567c1e1d840c137
Author:     Tomáš Mózes <>
AuthorDate: 2021-09-11 11:01:18 +0000
Commit:     Joonas Niilola <>
CommitDate: 2021-09-18 09:49:58 +0000

    app-emulation/xen: bump to 4.14.3/4.15.1
    Signed-off-by: Tomáš Mózes <>
    Signed-off-by: Joonas Niilola <>

 app-emulation/xen/Manifest                   |   2 +
 app-emulation/xen/files/xen-4.15-flask.patch |  13 +++
 app-emulation/xen/xen-4.14.3.ebuild          | 167 +++++++++++++++++++++++++++
 app-emulation/xen/xen-4.15.1.ebuild          | 167 +++++++++++++++++++++++++++
 4 files changed, 349 insertions(+)
Comment 2 Tomáš Mózes 2021-12-18 01:13:11 UTC
This is done, tree clean.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:51:55 UTC
GLSA request filed
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:30:49 UTC
GLSA done, all done.
Comment 5 Larry the Git Cow gentoo-dev 2022-08-14 14:34:01 UTC
The bug has been referenced in the following commit(s):

commit 22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1
Author:     GLSAMaker <>
AuthorDate: 2022-08-14 14:28:39 +0000
Commit:     Sam James <>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-23 ] Xen: Multiple Vulnerabilities
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Sam James <>

 glsa-202208-23.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)