January 2021 Security Update

Security Jan 25, 2021

A security issue related to PCI passthrough has been identified and fixed in XCP-ng 8.2.

To update, follow this guide. You can also join the discussion on our community forum. Hosts reboot necessary after this update.
secupdates-1

Summary

A flaw in Xen's handling of PCI passthrough may allow a guest with a passed through device to cause a denial of service affecting the pass through of all devices on the host.

XCP-ng 8.1 is not affected.

A sweet collaboration story

This specific issue has originally been reported on our forum by users who had issues with passed through devices when they rebooted FreeBSD guests. With their help, XCP-ng's team has been able to identify a specific patch in Xen 4.13.1 as the cause for the issue.

We have then reported it upstream, that is, to the Xen project. That's when one of the Xen developers, who is working for Citrix, identified it as a security issue and provided a fix.

In the end, this is the successful collaboration between users, XCP-ng developers from Vates, the Xen Project and Citrix. The kind of story that free software makes possible, and that is always very gratifying for all of us.

References

Tags

Samuel Verschelde

XCP-ng Lead Maintainer, Release Manager and Technical Product Manager. Open Source enthusiast since 2002.