Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655188 (XSA-268, XSA-269, XSA-272, XSA-273) - <app-emulation/xen-{4.10.1-r2,4.11.0-r2}: multiple vulnerabilities (XSA-{268,269,272,273})
Summary: <app-emulation/xen-{4.10.1-r2,4.11.0-r2}: multiple vulnerabilities (XSA-{268,...
Status: RESOLVED FIXED
Alias: XSA-268, XSA-269, XSA-272, XSA-273
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Deadline: 2018-09-12
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
: 666104 (view as bug list)
Depends on:
Blocks: CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, XSA-258, XSA-259, XSA-261, XSA-262 CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, XSA-264, XSA-265, XSA-266
  Show dependency tree
 
Reported: 2018-05-07 16:58 UTC by GLSAMaker/CVETool Bot
Modified: 2018-10-30 21:06 UTC (History)
3 users (show)

See Also:
Package list:
app-emulation/xen-4.10.1-r2 amd64 app-emulation/xen-tools-4.10.1-r2 amd64 x86 app-emulation/xen-pvgrub-4.10.1 amd64
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-05-07 16:58:05 UTC 
CVE-2018-7542 (https://nvd.nist.gov/vuln/detail/CVE-2018-7542):
  An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest
  OS users to cause a denial of service (NULL pointer dereference and
  hypervisor crash) by leveraging the mishandling of configurations that lack
  a Local APIC.

CVE-2018-7541 (https://nvd.nist.gov/vuln/detail/CVE-2018-7541):
  An issue was discovered in Xen through 4.10.x allowing guest OS users to
  cause a denial of service (hypervisor crash) or gain privileges by
  triggering a grant-table transition from v2 to v1.

CVE-2018-7540 (https://nvd.nist.gov/vuln/detail/CVE-2018-7540):
  An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users
  to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4
  pagetable freeing.

CVE-2018-5244 (https://nvd.nist.gov/vuln/detail/CVE-2018-5244):
  In Xen 4.10, new infrastructure was introduced as part of an overhaul to how
  MSR emulation happens for guests. Unfortunately, one tracking structure
  isn't freed when a vcpu is destroyed. This allows guest OS administrators to
  cause a denial of service (host OS memory consumption) by rebooting many
  times.

CVE-2018-10472 (https://nvd.nist.gov/vuln/detail/CVE-2018-10472):
  An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS
  users (in certain configurations) to read arbitrary dom0 files via QMP live
  insertion of a CDROM, in conjunction with specifying the target file as the
  backing file of a snapshot.

CVE-2018-10471 (https://nvd.nist.gov/vuln/detail/CVE-2018-10471):
  An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users
  to cause a denial of service (out-of-bounds zero write and hypervisor crash)
  via unexpected INT 80 processing, because of an incorrect fix for
  CVE-2017-5754.
Comment 1 D'juan McDonald (domhnall) 2018-06-21 21:37:53 UTC 
https://xenbits.xen.org/xsa/advisory-256.html Addresses CVE-2018-7542

https://xenbits.xen.org/xsa/advisory-255.html Addresses CVE-2010-7541

https://xenbits.xen.org/xsa/advisory-252.html Addresses CVE-2018-7540

https://xenbits.xen.org/xsa/advisory-253.html Addresses CVE-2018-5244

https://xenbits.xen.org/xsa/advisory-258.html Addresses CVE-2018-10472

https://xenbits.xen.org/xsa/advisory-259.html Addresses CVE-2018-10471
Comment 2 Larry the Git Cow gentoo-dev 2018-07-17 11:07:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ec669947a76c8f65210a5e57cb1b66eaae18987

commit 2ec669947a76c8f65210a5e57cb1b66eaae18987
Author:     Tomas Mozes <hydrapolic@gmail.com>
AuthorDate: 2018-07-13 16:51:07 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-07-17 11:06:56 +0000

    app-emulation/xen: bump to 4.10.1
    
    Bug: https://bugs.gentoo.org/655544
    Bug: https://bugs.gentoo.org/655188
    Package-Manager: Portage-2.3.42, Repoman-2.3.9

 app-emulation/xen/Manifest          |   2 +
 app-emulation/xen/xen-4.10.1.ebuild | 172 ++++++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)
Comment 3 Tomáš Mózes 2018-08-01 12:12:22 UTC 
Please let's merge https://github.com/gentoo/gentoo/pull/9269 and stabilize 4.10.1-r1, it fixes multiple CVEs.
Comment 4 Tomáš Mózes 2018-08-20 09:07:10 UTC 
Please call stabilization of 4.10.1-r1.
Comment 5 Tomáš Mózes 2018-09-10 06:31:41 UTC 
Version 4.10.1-r2 covers all xsa fixes in the stable tree until now, so it's the preferred candidate for stabilization.
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-10 09:51:33 UTC 
Tomáš Mózes is working on an updated 4.11.x package.

@ maintainer(s): Waiting for your ack to start stabilization. We will proceed with pkg list (i.e. stabilization of 4.10.1-r2) on 2018-09-12 if we don't get a reply.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-10 09:54:37 UTC 
Added to an existing GLSA.
Comment 8 Larry the Git Cow gentoo-dev 2018-09-10 11:09:54 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=121914a557406df2e88a7fd79af1c554e9222b55

commit 121914a557406df2e88a7fd79af1c554e9222b55
Author:     Tomas Mozes <hydrapolic@gmail.com>
AuthorDate: 2018-09-10 10:54:15 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-09-10 11:09:46 +0000

    app-emulation/xen: bump to 4.11.0-r2
    
    Closes: https://github.com/gentoo/gentoo/pull/9817
    Bug: https://bugs.gentoo.org/655188
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 app-emulation/xen/Manifest             |   1 +
 app-emulation/xen/xen-4.11.0-r2.ebuild | 172 +++++++++++++++++++++++++++++++++
 2 files changed, 173 insertions(+)
Comment 9 Tomáš Mózes 2018-09-13 06:12:27 UTC 
*** Bug 666104 has been marked as a duplicate of this bug. ***
Comment 10 Agostino Sarubbo gentoo-dev 2018-09-18 07:24:22 UTC 
amd64 stable
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-19 17:37:19 UTC 
x86 stable
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2018-10-30 21:06:24 UTC 
This issue was resolved and addressed in
 GLSA 201810-06 at https://security.gentoo.org/glsa/201810-06
by GLSA coordinator Thomas Deutschmann (whissi).