Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 744202 (CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25598, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604, XSA-333, XSA-334, XSA-336, XSA-337, XSA-338, XSA-339, XSA-340, XSA-342, XSA-343, XSA-344) - <app-emulation/xen-{4.13.1-r4, 4.14.0-r1}: Multiple vulnerabilities (XSA-{333,334,336,337,338,339,340,342,343,344})
Summary: <app-emulation/xen-{4.13.1-r4, 4.14.0-r1}: Multiple vulnerabilities (XSA-{333...
Status: RESOLVED FIXED
Alias: CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25598, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604, XSA-333, XSA-334, XSA-336, XSA-337, XSA-338, XSA-339, XSA-340, XSA-342, XSA-343, XSA-344
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-23 03:35 UTC by Sam James
Modified: 2020-11-11 03:52 UTC (History)
3 users (show)

See Also:
Package list:
app-emulation/xen-4.13.1-r4 amd64 app-emulation/xen-tools-4.13.1-r4
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-09-23 03:35:06 UTC
* XSA-333 (CVE-2020-25602)

Description:
"x86 pv: Crash when handling guest access to MSR_MISC_ENABLE"

URL: https://xenbits.xen.org/xsa/advisory-333.html

* XSA-334 (CVE-2020-25598)

Description:
"Missing unlock in XENMEM_acquire_resource error path"

URL: https://xenbits.xen.org/xsa/advisory-334.html

* XSA-336 (CVE-2020-25604)

Description:
"race when migrating timers between x86 HVM vCPU-s"

URL: https://xenbits.xen.org/xsa/advisory-336.html

* XSA-337 (CVE-2020-25595)

Description:
"PCI passthrough code reading back hardware registers"

URL: https://xenbits.xen.org/xsa/advisory-337.html

* XSA-338 (CVE-2020-25597)

Description:
"once valid event channels may not turn invalid"

URL: https://xenbits.xen.org/xsa/advisory-338.html

* XSA-339 (CVE-2020-25596)

Description:
"x86 pv guest kernel DoS via SYSENTER"

URL: https://xenbits.xen.org/xsa/advisory-339.html

* XSA-340 (CVE-2020-25603)

Description:
"Missing memory barriers when accessing/allocating an event channel"

URL: https://xenbits.xen.org/xsa/advisory-340.html

* XSA-342 (CVE-2020-25600)

Description:
"out of bounds event channels available to 32-bit x86 domains"

URL: https://xenbits.xen.org/xsa/advisory-342.html

* XSA-343 (CVE-2020-25599)

Description:
"races with evtchn_reset()"

URL: https://xenbits.xen.org/xsa/advisory-343.html

* XSA-344 (CVE-2020-25601)

Description:
"lack of preemption in evtchn_reset() / evtchn_destroy()"

URL: https://xenbits.xen.org/xsa/advisory-344.html
Comment 2 Agostino Sarubbo gentoo-dev 2020-10-07 07:11:47 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-10-09 08:33:34 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 NATTkA bot gentoo-dev 2020-11-10 15:33:47 UTC
Unable to check for sanity:

> no match for package: app-emulation/xen-4.13.1-r4
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-11-11 03:49:49 UTC
This issue was resolved and addressed in
 GLSA 202011-06 at https://security.gentoo.org/glsa/202011-06
by GLSA coordinator Sam James (sam_c).