Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
On Tue, 11 Apr 2017 18:38:22 +0100 Ian Jackson <ian.jack...@eu.citrix.com> wrote:
> Niels Thykier writes ("Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)"):
> > Hi Xen maintainers,
> > Is there any update on this bug?
>
> Sorry for having dropped this. I will try to sort out this (and the
> other outstanding security issues with this package) this week.
>
> Ian.
>

Hi Ian,

Thanks for looking into this. :)

~Niels

Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Niels Thykier writes ("Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)"):
> Hi Xen maintainers,
> Is there any update on this bug?

Sorry for having dropped this. I will try to sort out this (and the
other outstanding security issues with this package) this week.

Ian.

Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
On Tue, 04 Apr 2017 21:49:44 +0200 Salvatore Bonaccorso wrote:
> Source: xen
> Version: 4.8.1~pre.2017.01.23-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for xen.
>
> CVE-2017-7228[0]:
> | An issue (known as XSA-212) was discovered in Xen, with fixes available
> | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
> | introduced an insufficient check on XENMEM_exchange input, allowing the
> | caller to drive hypervisor memory accesses outside of the guest
> | provided input/output arrays.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-7228
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
> [1] https://xenbits.xen.org/xsa/advisory-212.html
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>

Hi Xen maintainers,

Is there any update on this bug?

Thanks,
~Niels

Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Source: xen
Version: 4.8.1~pre.2017.01.23-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for xen.

CVE-2017-7228[0]:
| An issue (known as XSA-212) was discovered in Xen, with fixes available
| for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix
| introduced an insufficient check on XENMEM_exchange input, allowing the
| caller to drive hypervisor memory accesses outside of the guest
| provided input/output arrays.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228
[1] https://xenbits.xen.org/xsa/advisory-212.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore