Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 771117 (CVE-2021-26933, XSA-364) - <app-emulation/xen-{4.13.2-r5,4.14.1-r1}: insufficient memory isolation between guests (CVE-2021-26933)
Summary: <app-emulation/xen-{4.13.2-r5,4.14.1-r1}: insufficient memory isolation betwe...
Status: IN_PROGRESS
Alias: CVE-2021-26933, XSA-364
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [cleanup]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2021-02-17 16:21 UTC by John Helmert III
Modified: 2021-02-25 17:13 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-02-17 16:21:47 UTC
XSA-361/CVE-2021-26932 (https://xenbits.xenproject.org/xsa/advisory-361.html):

A malicious or buggy frontend driver may be able to crash the
corresponding backend driver, causing a denial of service potentially
affecting the entire domain running the backend driver.

A malicious or buggy frontend driver may be able to cause resource
leaks in the domain running the corresponding backend driver, leading
to a denial of service.

XSA-362/CVE-2021-26931 (https://xenbits.xenproject.org/xsa/advisory-362.html):

A malicious or buggy frontend driver may be able to crash the
corresponding backend driver, potentially affecting the entire domain
running the backend driver.

XSA-363/CVE-2021-26934 (https://xenbits.xenproject.org/xsa/advisory-363.html):

The backend allocation mode of Linux'es drm_xen_front drivers was
not meant to be a supported configuration, but this wasn't stated
accordingly in its support status entry.

Use of the feature may have unknown effects.

XSA-364/CVE-2021-26933 (https://xenbits.xenproject.org/xsa/advisory-364.html):

A malicious guest may be able to read sensitive data from memory that
previously belonged to another guest.

XSA-365/CVE-2021-26930 (https://xenbits.xenproject.org/xsa/advisory-365.html):

A malicious or buggy frontend driver may be able to crash the
corresponding backend driver, potentially affecting the entire domain
running the backend driver.  In configurations without driver domains
or similar disaggregation, that is a host-wide denial of sevice.

Privilege escalation and information leaks cannot be ruled out.


Patches at advisory URLs. Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-02-21 16:08:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e79e7791eb59e8afeb86e1ef75d5b955492c2e06

commit e79e7791eb59e8afeb86e1ef75d5b955492c2e06
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-02-19 13:33:20 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-02-21 16:07:56 +0000

    app-emulation/xen: add security patches
    
    Fixes XSA-364.
    
    Bug: https://bugs.gentoo.org/742272
    Bug: https://bugs.gentoo.org/771117
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   2 +
 app-emulation/xen/xen-4.13.2-r5.ebuild | 165 +++++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.14.1-r1.ebuild | 165 +++++++++++++++++++++++++++++++++
 3 files changed, 332 insertions(+)
Comment 2 John Helmert III gentoo-dev Security 2021-02-23 00:59:49 UTC
Only patched for XSA-364? Are we unaffected for the other issues?
Comment 3 Tomáš Mózes 2021-02-23 06:48:42 UTC
(In reply to John Helmert III (ajak) from comment #2)
> Only patched for XSA-364? Are we unaffected for the other issues?

The others are fixed in the kernel itself.
Comment 5 Tomáš Mózes 2021-02-24 05:28:25 UTC
Fixes included in kernels:
5.10.18
5.4.100
4.19.177
4.14.222
4.9.258
4.4.258
Comment 6 John Helmert III gentoo-dev Security 2021-02-24 13:30:02 UTC
(In reply to Tomáš Mózes from comment #5)
> Fixes included in kernels:
> 5.10.18
> 5.4.100
> 4.19.177
> 4.14.222
> 4.9.258
> 4.4.258

Thanks! Downgrading to B4 since XSA-364 seems to just be information disclosure.
Comment 7 John Helmert III gentoo-dev Security 2021-02-24 14:28:18 UTC
(In reply to John Helmert III (ajak) from comment #6)
> (In reply to Tomáš Mózes from comment #5)
> > Fixes included in kernels:
> > 5.10.18
> > 5.4.100
> > 4.19.177
> > 4.14.222
> > 4.9.258
> > 4.4.258
> 
> Thanks! Downgrading to B4 since XSA-364 seems to just be information
> disclosure.

And as such it's only affecting arm for which xen is only unstable, so down to ~4 and we'll keep stabling to enable cleanup. Sorry for all the noise.
Comment 8 Sam James archtester gentoo-dev Security 2021-02-25 06:39:28 UTC
amd64 done

all arches done
Comment 9 John Helmert III gentoo-dev Security 2021-02-25 17:13:51 UTC
Please cleanup.