Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 837575 (CVE-2022-26356, CVE-2022-26357, CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361, XSA-397, XSA-399, XSA-400) - <app-emulation/xen-{4.15.2-r2,4.16.0-r5}: multiple vulnerabilities
Summary: <app-emulation/xen-{4.15.2-r2,4.16.0-r5}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-26356, CVE-2022-26357, CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361, XSA-397, XSA-399, XSA-400
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Tomáš Mózes
URL:
Whiteboard: B2 [glsa+]
Keywords: PullRequest
Depends on: 835402
Blocks:
  Show dependency tree
 
Reported: 2022-04-10 05:17 UTC by Tomáš Mózes
Modified: 2024-02-04 07:19 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Mózes 2022-04-10 05:17:16 UTC
Racy interactions between dirty vram tracking and paging log dirty hypercalls
https://xenbits.xen.org/xsa/advisory-397.html

race in VT-d domain ID cleanup
https://xenbits.xen.org/xsa/advisory-399.html

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
https://xenbits.xen.org/xsa/advisory-400.html
Comment 1 Larry the Git Cow gentoo-dev 2022-04-14 05:54:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d0804dc6b2577d34228030cc22b5fbaaf71e813

commit 8d0804dc6b2577d34228030cc22b5fbaaf71e813
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-04-10 05:20:33 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-04-14 05:53:28 +0000

    app-emulation/xen: add upstream patches
    
    Fixes: XSA-397,XSA-399,XSA-400
    Fixes: CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361
    Bug: https://bugs.gentoo.org/837575
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest             |   2 +
 app-emulation/xen/xen-4.15.2-r2.ebuild | 163 ++++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.16.0-r5.ebuild | 166 +++++++++++++++++++++++++++++++++
 3 files changed, 331 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-05-06 09:51:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb9aa87bd434697ffbf7e50109661f2e9fe14e32

commit cb9aa87bd434697ffbf7e50109661f2e9fe14e32
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-05-05 20:41:45 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-05-06 09:50:31 +0000

    app-emulation/xen: drop vulnerable
    
    Bug: https://bugs.gentoo.org/837575
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest             |   2 -
 app-emulation/xen/xen-4.15.1-r3.ebuild | 163 ---------------------------------
 2 files changed, 165 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-10 15:54:03 UTC
Thanks!
Comment 4 Larry the Git Cow gentoo-dev 2024-02-04 07:17:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f8db3fdbc2235dee30f5c1ea206584ecabbe484

commit 3f8db3fdbc2235dee30f5c1ea206584ecabbe484
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-04 07:16:20 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-04 07:16:59 +0000

    [ GLSA 202402-07 ] Xen: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/754105
    Bug: https://bugs.gentoo.org/757126
    Bug: https://bugs.gentoo.org/826998
    Bug: https://bugs.gentoo.org/837575
    Bug: https://bugs.gentoo.org/858122
    Bug: https://bugs.gentoo.org/876790
    Bug: https://bugs.gentoo.org/879031
    Bug: https://bugs.gentoo.org/903624
    Bug: https://bugs.gentoo.org/905389
    Bug: https://bugs.gentoo.org/915970
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-07.xml | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)