Your message dated Mon, 03 Apr 2023 13:49:31 +0000 with message-id <e1pjkyt-008lfe...@fasolo.debian.org> and subject line Bug#1033297: fixed in xen 4.17.0+74-g3eac216e6e-1 has caused the Debian Bug report #1033297, regarding xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033297 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254), one entrypath performs its speculation-safety actions too | late. In some configurations, there is an unprotected RET instruction | which can be attacked with a variety of speculative attacks. CVE-2022-42332[1]: | x86 shadow plus log-dirty mode use-after-free In environments where | host assisted address translation is necessary but Hardware Assisted | Paging (HAP) is unavailable, Xen will run guests in so called shadow | mode. Shadow mode maintains a pool of memory used for both shadow page | tables as well as auxiliary data structures. To migrate or snapshot | guests, Xen additionally runs them in so called log-dirty mode. The | data structures needed by the log-dirty tracking are part of | aformentioned auxiliary data. In order to keep error handling efforts | within reasonable bounds, for operations which may require memory | allocations shadow mode logic ensures up front that enough memory is | available for the worst case requirements. Unfortunately, while page | table memory is properly accounted for on the code path requiring the | potential establishing of new shadows, demands by the log-dirty | infrastructure were not taken into consideration. As a result, just | established shadow page tables could be freed again immediately, while | other code is still accessing them on the assumption that they would | remain allocated. CVE-2022-42333[2]: | x86/HVM pinned cache attributes mis-handling T[his CNA information | record relates to multiple CVEs; the text explains which | aspects/vulnerabilities correspond to which CVE.] To allow cachability | control for HVM guests with passed through devices, an interface | exists to explicitly override defaults which would otherwise be put in | place. While not exposed to the affected guests themselves, the | interface specifically exists for domains controlling such guests. | This interface may therefore be used by not fully privileged entities, | e.g. qemu running deprivileged in Dom0 or qemu running in a so called | stub-domain. With this exposure it is an issue that - the number of | the such controlled regions was unbounded (CVE-2022-42333), - | installation and removal of such regions was not properly serialized | (CVE-2022-42334). CVE-2022-42334[3]: | x86/HVM pinned cache attributes mis-handling T[his CNA information | record relates to multiple CVEs; the text explains which | aspects/vulnerabilities correspond to which CVE.] To allow cachability | control for HVM guests with passed through devices, an interface | exists to explicitly override defaults which would otherwise be put in | place. While not exposed to the affected guests themselves, the | interface specifically exists for domains controlling such guests. | This interface may therefore be used by not fully privileged entities, | e.g. qemu running deprivileged in Dom0 or qemu running in a so called | stub-domain. With this exposure it is an issue that - the number of | the such controlled regions was unbounded (CVE-2022-42333), - | installation and removal of such regions was not properly serialized | (CVE-2022-42334). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-42331 https://www.cve.org/CVERecord?id=CVE-2022-42331 [1] https://security-tracker.debian.org/tracker/CVE-2022-42332 https://www.cve.org/CVERecord?id=CVE-2022-42332 [2] https://security-tracker.debian.org/tracker/CVE-2022-42333 https://www.cve.org/CVERecord?id=CVE-2022-42333 [3] https://security-tracker.debian.org/tracker/CVE-2022-42334 https://www.cve.org/CVERecord?id=CVE-2022-42334 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: xen Source-Version: 4.17.0+74-g3eac216e6e-1 Done: Maximilian Engelhardt <m...@daemonizer.de> We believe that the bug you reported is fixed in the latest version of xen, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Maximilian Engelhardt <m...@daemonizer.de> (supplier of updated xen package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Mar 2023 22:22:48 +0100 Source: xen Architecture: source Version: 4.17.0+74-g3eac216e6e-1 Distribution: unstable Urgency: medium Maintainer: Debian Xen Team <pkg-xen-de...@lists.alioth.debian.org> Changed-By: Maximilian Engelhardt <m...@daemonizer.de> Closes: 1033297 Changes: xen (4.17.0+74-g3eac216e6e-1) unstable; urgency=medium . * Update to new upstream version 4.17.0+74-g3eac216e6e, which also contains security fixes for the following issues: (Closes: #1033297) - x86 shadow plus log-dirty mode use-after-free XSA-427 CVE-2022-42332 - x86/HVM pinned cache attributes mis-handling XSA-428 CVE-2022-42333 CVE-2022-42334 - x86: speculative vulnerability in 32bit SYSCALL path XSA-429 CVE-2022-42331 Checksums-Sha1: 05d9cd74fa9166515ed9ff5b5a1220fddabd689e 4482 xen_4.17.0+74-g3eac216e6e-1.dsc c64f1493de1dca4eda8eebb17abc087ddd233c59 4657056 xen_4.17.0+74-g3eac216e6e.orig.tar.xz af8fd0ea63d68b0475c0adb484d20a369914268d 136676 xen_4.17.0+74-g3eac216e6e-1.debian.tar.xz Checksums-Sha256: 80fab64a2ba48e1f008cd57f8d060de3f7028ceecbdf445324dc358d57984741 4482 xen_4.17.0+74-g3eac216e6e-1.dsc 6ffff48e2392ff2aa2749c638c30d9af8209397b856280969fa3b7e909852c38 4657056 xen_4.17.0+74-g3eac216e6e.orig.tar.xz aebc1e8a3f206a19f87455968ce119dad749d99e2f2314c6ff7ada2812709d45 136676 xen_4.17.0+74-g3eac216e6e-1.debian.tar.xz Files: b235c29e6ee51d636eb3b950c633eabe 4482 admin optional xen_4.17.0+74-g3eac216e6e-1.dsc b7fad65ca2a3480f635338373366542d 4657056 admin optional xen_4.17.0+74-g3eac216e6e.orig.tar.xz c5494e12ae0208c6ab16a0b42ced4c99 136676 admin optional xen_4.17.0+74-g3eac216e6e-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEESWyddwNaG9637koYssHfcmNhX2wFAmQq1toACgkQssHfcmNh X2y+CQ/+MZDZ4HaV7xHpc0EjG8fbF7VnOaVexamavD8gzsfiXkZWbbe5Ul7SoRti moUXC9fwP5+K0vCEc+RnRkPy00A/6TZJcxmB8tuW0U93dgZoCCKs5pelfaYCdeD+ DqLrZjG+FXWaU55UyyiuDP9Nm1nJiBXXVK9vGlS3cVqHrpCI0I0U/Qn7KpWisxwV BLBP/91upv6qNOgLrWB1LB87aGHK9afm6bMX5EwHqWg5NIcJ47uRcT2KWtcJq2AY bIKZ5Q5a7FJvFbekVQrdzWL8gd8dysfjwI86GdoqUfvRsX4cPo8ynsV7o9BjZ6Qg 2AWfe9u/mJPsk0QZSkfgMQfVGtwR6WB8NlELoxc/nKgcG4h3Di3nFY7o0hnGV0OO CO7omwIhbMCNK4N0zEXCW3KIPyzmmb1yg9M0Ua17cw/8JshgrXnffns3cbnP35gY vYJHwCBVKq7EIB5FMg2KO1rthExTU0t6AoEnI+/yNNwR+TrviPFzWY1+p3GuLm6C NAvJxQAO+tNTpbV8ADhu6oLsRemVcsxoOnGZji3tx+/z07TNR9uvBQuTAMkxklCv fMLX9nkTmXsPujZHpdPub9MZnIxljPONXopBvpeCb5wQX3tYshRsYL1/4yH4nfhZ pE6429kphtQPgqcscuW+GsoeZYtJk1xnMXmMQYXME/Hsc0M5JAo= =R2sr -----END PGP SIGNATURE-----
--- End Message ---
