@ronan-a , feel free to introduce yourself here (and the stuff you are working on)
Best posts made by olivierlambert
New Xen XSA's
A bunch of Xen security issues are now public after the usual embargo.
Note: website to check all XSA's is https://xenbits.xen.org/xsa/
XSA 294: insufficient TLB flushing
The major/most visible flaw (XSA 294)was related to a host crash triggered by a PV guest. Some users (@borzel for example), reported it here: https://xcp-ng.org/forum/topic/1025/host-crash-guest_4-o-sh_page_fault__guest 64 bits PV guests are affected.
Note: boot your host with the "pcid=0" parameter. This will likely have an impact on performance but should avoid the crash.
However, it was before the end of the embargo, so we can't comment and release a patch before it's known publicly.
Patched Xen will be available in the usual update channel as soon we got something tested and validated.
The list of other new XSA's are:
- XSA 293: 64 bits PV guests can crash or be used for privilege escalation
- XSA 292: PV guests could cause a host crash or access data of other guests (similar to XSA 294)
- XSA 291: PV guests could cause a DDOS on the host via IOMMU
- XSA 290: PV guests could cause a DDOS on the hostto XSA 294)
All those vuln will be patched in the next Xen update. Stay tuned!