July 2020 XCP-ng Security Updates
Security updates are available for the two supported releases of XCP-ng: 8.0 and 8.1.
To update, follow this guide. You can also join the discussion on our community forum. Reboot after updating.
Related: Citrix Hypervisor Security Bulletin
The fixed vulnerabilities are believed to pose a risk only in specific configurations (see the "Vulnerable systems" notes below).
XSA-319: possible host crash caused by HVM guest
- Impact: "A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host."
- Vulnerable systems: "Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability."
- Resolution: Apply the updates on your XCP-ng hosts and reboot.
Reference: http://xenbits.xen.org/xsa/advisory-319.html
XSA-321: possible host crash and privilege escalation from guest
- Impact: "A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out."
- Vulnerable systems: "Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. [...]"
- Resolution: Apply the updates on your XCP-ng hosts and reboot.
Reference: http://xenbits.xen.org/xsa/advisory-321.html
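The "Vulnerable systems" note for XSA-321 ties exposure to HVM guests that have a PCI device passed through. The script below is an added triage helper, not part of this bulletin or of XCP-ng itself: it parses the record-style output of `xe vm-list params=uuid,name-label,HVM-boot-policy,other-config` and lists guests that are HVM (non-empty `HVM-boot-policy`) and carry a `pci:` entry in `other-config`, which is how PCI passthrough is assigned on XenServer/XCP-ng. The exact column layout of `xe` output and the sample records are assumptions constructed for the example; whether HAP and page-table sharing are in use is not visible here, so a match means "worth prioritising for the update and reboot", not a confirmed exposure.

```shell
#!/bin/sh
# Constructed sample of `xe vm-list params=uuid,name-label,HVM-boot-policy,other-config`
# output. The key/value layout is an assumption; compare with what your host prints.
SAMPLE_XE_OUTPUT='uuid ( RO)           : 11111111-aaaa-4bbb-8ccc-000000000001
     name-label ( RW): win-hvm-gpu
HVM-boot-policy ( RW): BIOS order
    other-config (MRW): pci: 0/0000:03:00.0; import_task: OpaqueRef:NULL


uuid ( RO)           : 22222222-aaaa-4bbb-8ccc-000000000002
     name-label ( RW): pv-linux
HVM-boot-policy ( RW):
    other-config (MRW):


uuid ( RO)           : 33333333-aaaa-4bbb-8ccc-000000000003
     name-label ( RW): win-hvm-plain
HVM-boot-policy ( RW): BIOS order
    other-config (MRW): import_task: OpaqueRef:NULL
'

# Print the name-label of every guest whose HVM-boot-policy is non-empty (HVM guest)
# and whose other-config contains a "pci:" assignment (PCI passthrough).
# Records are separated by blank lines; each line is "<key> (<mode>): <value>".
flag_hvm_pci_guests() {
    printf '%s\n' "$1" | awk '
        function flush() {
            if (hvm != "" && oc ~ /(^|; *)pci:/) print name
            name = ""; hvm = ""; oc = ""
        }
        /^[ \t]*$/ { flush(); next }          # blank line ends a record
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # drop the right-alignment padding
            i = index(line, ":")              # first ":" separates key from value
            key = substr(line, 1, i - 1); sub(/ *\(.*$/, "", key)
            val = substr(line, i + 1); sub(/^ +/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "name-label") name = val
            else if (key == "HVM-boot-policy") hvm = val
            else if (key == "other-config") oc = val
        }
        END { flush() }'
}

# Live use on a host (hypothetical invocation):
#   flag_hvm_pci_guests "$(xe vm-list params=uuid,name-label,HVM-boot-policy,other-config)"
flag_hvm_pci_guests "$SAMPLE_XE_OUTPUT"
```

Run it on the pool master after applying the updates to confirm that every flagged guest sits on a host that has been rebooted onto the patched Xen; guests without passthrough are still covered by the XSA-319 condition (shadow paging plus an active frame-buffer consumer), which this script does not detect.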