June 2021 Security Updates

Security and bugfix updates are available for the only currently supported release of XCP-ng: 8.2 LTS.

To update, follow this guide. You can also join the discussion on our community forum. A host reboot is necessary after this update.

Summary

Several vulnerabilities have been discovered in Xen as well as in various CPU models from Intel and AMD.

To address this, we released updates to the Xen hypervisor packages used by XCP-ng.

The update also contains updated microcode for Intel CPUs.

Impact

The vulnerabilities discovered in Xen may allow privileged code in a VM to cause hosts to crash or become unresponsive. The VM must have a PCI device passed through to it to leverage the vulnerability.

The CPU hardware vulnerabilities are, again, related to speculative code execution and may, unsurprisingly, allow data from CPU registers or RAM belonging to processes running on a given CPU to be leaked to a malicious program running on the same CPU.

References