New Xen XSAs
A bunch of Xen security issues are now public after the usual embargo.
Note: the website to check all XSAs is https://xenbits.xen.org/xsa/
XSA 294: insufficient TLB flushing
The major/most visible flaw (XSA 294) was related to a host crash triggered by a PV guest. Some users (@borzel, for example) reported it here: https://xcp-ng.org/forum/topic/1025/host-crash-guest_4-o-sh_page_fault__guest
64-bit PV guests are affected.
Note: boot your host with the "pcid=0" parameter. This will likely have an impact on performance but should avoid the crash.
However, it was before the end of the embargo, so we can't comment and release a patch before it's known publicly.
Patched Xen will be available in the usual update channel as soon as we have something tested and validated.
The other new XSAs are:
- XSA 293: 64-bit PV guests can crash or be used for privilege escalation
- XSA 292: PV guests could cause a host crash or access data of other guests (similar to XSA 294)
- XSA 291: PV guests could cause a DDOS on the host via IOMMU
- XSA 290: PV guests could cause a DDOS on the host
All those vulnerabilities will be patched in the next Xen update. Stay tuned!
@olivierlambert Oli, thanks for the update and all the hard work the guys are putting into XCP.
- The updates were made available by Citrix last Wednesday
- We published update candidates for testers on Thursday
- Updates for XCP-ng 7.6 have been made available to everyone yesterday
- Updates for XCP-ng 7.5 have been made available to everyone this morning
- Blog post published: https://xcp-ng.org/blog/2019/03/12/xcp-ng-security-bulletin-vulnerabilities-pv-guests/