CVE-2017-17046 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17046): An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. CVE-2017-17045 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17045): An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. CVE-2017-17044 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17044): An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
Fixed in =app-emulation/xen-4.8.2-r3.
Freeing CVE-2017-17044 which is covered in bug 637540 by XSA-246.
Freeing CVE-2017-17045 as it is covered in bug 637542 by XSA-247.
Vulnerability only affects Xen running on ARM processors. Package has no stable keyword for Gentoo's arm/arm64 architecture.
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 201801-14 at https://security.gentoo.org/glsa/201801-14 by GLSA coordinator Thomas Deutschmann (whissi).
