Erratum: July 2023 Security Update - Zenbleed

Security Aug 4, 2023

New security update is available for the only currently supported release of XCP-ng: 8.2 LTS.

To update, follow this guide. You can also join the discussion on our community forum. Host reboots are necessary after this update.

📋 Summary

As the first patch for XSA-433 was released in emergency due to a broken embargo, there wasn't enough time to test and validate everything upstream before releasing the first version.

We followed the upstream release to offer the patch as early as possible. Since last week, an error has been discovered in the previous patch of Xen for the Zenbleed flaw.

That's why we're releasing a new one to stay in sync with upstream and to help you stay safe.

🐛 Bugfix

The earliest patch provided for Xen was buggy. It unintentionally disables more bits than expected in the control register. As the contents of this register are not generally known, the effects on the system are unknown.

This update contains a patch that corrects the behaviour of the first patch for XSA-433 and simply masking the single required bit.