CVE-2017-15595 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15595): An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
References: https://xenbits.xen.org/xsa/advisory-240.html

CVE-2017-15594 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15594): An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
References: https://xenbits.xen.org/xsa/advisory-244.html

CVE-2017-15593 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15593): An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
References: https://xenbits.xen.org/xsa/advisory-242.html

CVE-2017-15592 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15592): An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
References: https://xenbits.xen.org/xsa/advisory-243.html

CVE-2017-15591 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15591): An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.
References: https://xenbits.xen.org/xsa/advisory-238.html

CVE-2017-15590 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15590): An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
References: https://xenbits.xen.org/xsa/advisory-237.html

CVE-2017-15589 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15589): An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
References: https://xenbits.xen.org/xsa/advisory-239.html

CVE-2017-15588 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15588): An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
References: https://xenbits.xen.org/xsa/advisory-241.html

Note: Only x86 is affected; patches are in the references.
Should be fixed by:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f5090c0542f03940ace5c25954ddbed4aa6256f
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb2eba50033bc28a68c10f18c5393fc2a841c335
*** Bug 637602 has been marked as a duplicate of this bug. ***
(In reply to Tomáš Mózes from comment #1)
> Should be fixed by:
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f5090c0542f03940ace5c25954ddbed4aa6256f
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb2eba50033bc28a68c10f18c5393fc2a841c335

Seems like only parts of it were fixed by that commit. We need to pull the changes from stable-4.8 and create a new patch tarball.
I haven't checked if all XSAs are already fixed in previous versions in Gentoo, but at least they are part of =app-emulation/xen-4.8.2-r3:

> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-240' .
> ./0023-x86-limit-linear-page-table-use-to-a-single-level.patch:This is XSA-240.
> ./0048-x86-don-t-wrongly-trigger-linear-page-table-assertio.patch:This is part of XSA-240.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-244' .
> ./0027-x86-cpu-Fix-IST-handling-during-PCPU-bringup.patch:This is XSA-244.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-242' .
> ./0025-x86-don-t-allow-page_unlock-to-drop-the-last-type-re.patch:This is XSA-242.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-243' .
> ./0026-x86-shadow-Don-t-create-self-linear-shadow-mappings-.patch:This is XSA-243.
> ./0049-x86-shadow-correct-SH_LINEAR-mapping-detection-in-sh.patch:The fix for XSA-243 / CVE-2017-15592 (c/s bf2b4eadcf379) introduced a change
> ./0049-x86-shadow-correct-SH_LINEAR-mapping-detection-in-sh.patch:This is part of XSA-243.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-238' .
> ./0021-x86-ioreq-server-correctly-handle-bogus-XEN_DMOP_-un.patch:This is XSA-238.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-237' .
> ./0017-x86-enforce-proper-privilege-when-un-mapping-pIRQ-s.patch:This is part of XSA-237.
> ./0016-x86-don-t-allow-MSI-pIRQ-mapping-on-unowned-device.patch:This is part of XSA-237.
> ./0019-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-m.patch:This is part of XSA-237.
> ./0018-x86-MSI-disallow-redundant-enabling.patch:This is part of XSA-237.
> ./0020-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook.patch:This is part of XSA-237.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-239' .
> ./0022-x86-HVM-prefill-partially-used-variable-on-emulation.patch:This is XSA-239.
> vm-gentoo-x64 /var/tmp/portage/app-emulation/xen-4.8.2-r3/work/patches-upstream # grep -Fr 'XSA-241' .
> ./0024-x86-don-t-store-possibly-stale-TLB-flush-time-stamp.patch:This is XSA-241.
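The per-XSA grep runs in the comment above can be folded into one repeatable coverage check over the whole advisory list. The script below is an added example, not part of this bug or of Gentoo's xen ebuild; it assumes a patch directory whose patches carry the "This is XSA-NNN." / "This is part of XSA-NNN." marker lines seen above, and it builds a constructed sample tree (marker lines only, not real patches) in place of the real patches-upstream directory. The function names and the sample tree are this example's own.

```shell
#!/bin/sh
# Added example, not from the bug report or from Gentoo's xen ebuild.
# Reports which XSAs from a list have no patch carrying the upstream
# "This is XSA-NNN." / "This is part of XSA-NNN." marker line.

# check_xsa_coverage PATCH_DIR XSA_NUMBER...
# Prints each XSA number (one per line) with no marker line anywhere under
# PATCH_DIR; prints nothing when every listed XSA is covered.
check_xsa_coverage() {
    dir="$1"
    shift
    for xsa in "$@"; do
        # -r recurse, -q quiet, -E extended regex; the trailing "\." keeps a
        # query for XSA-24 from being satisfied by an XSA-240 patch.
        if ! grep -rqE "This is (part of )?XSA-${xsa}\." "$dir"; then
            echo "$xsa"
        fi
    done
}

# count_xsa_patches PATCH_DIR XSA_NUMBER
# Prints how many patch files carry a marker for the XSA (several parts,
# as with XSA-237 above, is the normal case for multi-patch advisories).
count_xsa_patches() {
    grep -rlE "This is (part of )?XSA-${2}\." "$1" | wc -l | tr -d ' '
}

# make_sample_patches
# Constructed sample tree: file names mirror the bug's listing, contents are
# only the marker lines. Prints the directory path. (Assumption: stands in
# for a real patches-upstream directory.)
make_sample_patches() {
    tmp=$(mktemp -d)
    printf 'This is XSA-240.\n' > "$tmp/0023-x86-limit-linear-page-table-use-to-a-single-level.patch"
    printf 'This is part of XSA-240.\n' > "$tmp/0048-x86-don-t-wrongly-trigger-linear-page-table-assertio.patch"
    printf 'This is XSA-244.\n' > "$tmp/0027-x86-cpu-Fix-IST-handling-during-PCPU-bringup.patch"
    printf 'This is part of XSA-237.\n' > "$tmp/0016-x86-don-t-allow-MSI-pIRQ-mapping-on-unowned-device.patch"
    printf 'This is part of XSA-237.\n' > "$tmp/0017-x86-enforce-proper-privilege-when-un-mapping-pIRQ-s.patch"
    # Constructed decoy: an older advisory whose number is a prefix of 240.
    printf 'This is XSA-24.\n' > "$tmp/0001-constructed-older-fix.patch"
    echo "$tmp"
}

# Stand-alone run: the eight XSAs from this bug's advisory list against the
# sample tree, where only 240, 244 and 237 are present.
sample=$(make_sample_patches)
echo "XSAs with no patch under $sample:"
check_xsa_coverage "$sample" 240 244 242 243 238 237 239 241
echo "patch files for XSA-237: $(count_xsa_patches "$sample" 237)"
rm -rf "$sample"
```

Run it against a real unpacked tarball by replacing the sample directory with the work/patches-upstream path from the comment above; an empty result for the full advisory list means every XSA has at least one marker-bearing patch, which is a necessary but not sufficient check (a multi-part XSA can still be missing one of its parts).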
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 201801-14 at https://security.gentoo.org/glsa/201801-14 by GLSA coordinator Thomas Deutschmann (whissi).