Bug 812485 (CVE-2021-28701, XSA-384) - <app-emulation/xen-{4.14.3,4.15.1}: race in XENMAPSPACE_grant_table (CVE-2021-28701)
Status: CONFIRMED
Alias: CVE-2021-28701, XSA-384
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://xenbits.xen.org/xsa/advisory-3...
Whiteboard: B4 [glsa?]
Keywords:
Depends on: CVE-2021-28694, CVE-2021-28695, CVE-2021-28696, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28700, XSA-378, XSA-379, XSA-380, XSA-382, XSA-383
Blocks:
Reported: 2021-09-10 19:28 UTC by John Helmert III
Modified: 2021-12-18 02:44 UTC

Description John Helmert III gentoo-dev Security 2021-09-10 19:28:42 UTC
CVE-2021-28701:

Another race in XENMAPSPACE_grant_table handling

Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.
Comment 1 Larry the Git Cow gentoo-dev 2021-09-18 09:50:10 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2c2f779b6943e83e77b248b567c1e1d840c137

commit 4f2c2f779b6943e83e77b248b567c1e1d840c137
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-09-11 11:01:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-09-18 09:49:58 +0000

    app-emulation/xen: bump to 4.14.3/4.15.1
    
    Bug: https://bugs.gentoo.org/812485
    Bug: https://bugs.gentoo.org/810341
    Closes: https://bugs.gentoo.org/800935
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/22270
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-emulation/xen/Manifest                   |   2 +
 app-emulation/xen/files/xen-4.15-flask.patch |  13 +++
 app-emulation/xen/xen-4.14.3.ebuild          | 167 +++++++++++++++++++++++++++
 app-emulation/xen/xen-4.15.1.ebuild          | 167 +++++++++++++++++++++++++++
 4 files changed, 349 insertions(+)
Comment 2 Tomáš Mózes 2021-12-18 01:13:11 UTC
This is done, tree clean.