Multiple vulnerabilities have been found in the Xen hypervisor:
* CVE-2018-12891 (XSA-264)
Preemption checks bypassed in x86 PV MM handling.
All Xen versions from 3.4 onwards are vulnerable.
* CVE-2018-12892 (XSA-266)
libxl fails to honour readonly flag on HVM emulated SCSI disks
The vulnerability is present in Xen versions 4.7 and later.
* CVE-2018-12893 (XSA-265)
x86: #DB exception safety check can be triggered by a guest
One of the fixes in XSA-260 added some safety checks to help prevent Xen
livelocking with debug exceptions. Unfortunately, due to an oversight, at
least one of these safety checks can be triggered by a guest.
All Xen systems which have applied the XSA-260 fix are vulnerable.
Gentoo Security Scout
Revising severity: no specific configuration required, and per XSA-266 the domU users may be able to modify assigned read-only SCSI disk images.
The bug has been referenced in the following commit(s):
Author: Tomas Mozes <email@example.com>
AuthorDate: 2018-07-13 16:55:30 +0000
Commit: Mikle Kolyada <firstname.lastname@example.org>
CommitDate: 2018-07-17 11:06:56 +0000
app-emulation/xen: bump to 4.11.0
Package-Manager: Portage-2.3.42, Repoman-2.3.9
app-emulation/xen-tools/Manifest | 2 +-
app-emulation/xen/Manifest | 3 +-
app-emulation/xen/xen-4.11.0.ebuild | 172 ++++++++++++++++++++++++++++++++++++
3 files changed, 175 insertions(+), 2 deletions(-)
Added to an existing GLSA.
This issue was resolved and addressed in
GLSA 201810-06 at https://security.gentoo.org/glsa/201810-06
by GLSA coordinator Thomas Deutschmann (whissi).