Your message dated Thu, 18 May 2023 22:55:48 +0200
with message-id <12210868.O9o76ZdvQC@eisbaer>
and subject line Bug#1036298: fixed in xen 4.17.1+2-gb773c48e36-1
has caused the Debian Bug report #1036298,
regarding xen: CVE-2022-42336: XSA-431: Mishandling of guest SSBD selection on AMD hardware
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036298: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036298
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xen
Version: 4.17.0+74-g3eac216e6e-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for xen.

CVE-2022-42336[0]:
| Mishandling of guest SSBD selection on AMD hardware The current logic
| to set SSBD on AMD Family 17h and Hygon Family 18h processors requires
| that the setting of SSBD is coordinated at a core level, as the
| setting is shared between threads. Logic was introduced to keep track
| of how many threads require SSBD active in order to coordinate it,
| such logic relies on using a per-core counter of threads that have
| SSBD active. When running on the mentioned hardware, it's possible for
| a guest to under or overflow the thread counter, because each write to
| VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that
| does the per-core active accounting. Underflowing the counter causes
| the value to get saturated, and thus attempts for guests running on
| the same core to set SSBD won't have effect because the hypervisor
| assumes it's already active.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-42336
    https://www.cve.org/CVERecord?id=CVE-2022-42336
[1] https://xenbits.xen.org/xsa/advisory-431.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
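As an added illustration of the counting error the advisory describes (a simplified model written for this page, not Xen's code; all names are hypothetical): a per-core SSBD accounting path that moves the counter on every guest write, beside one that only moves it on a real per-thread transition.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define THREADS_PER_CORE 2   /* hypothetical: two SMT siblings share one core */

struct core {
    uint32_t ssbd_count;                    /* threads that asked for SSBD */
    bool     hw_ssbd;                       /* shared per-core setting */
    bool     thread_ssbd[THREADS_PER_CORE]; /* per-thread view, used by fixed path */
};

/* The core setting is only programmed on 0 -> 1 and 1 -> 0 transitions
 * of the counter; anything else is treated as "already active". */
static void core_ssbd_set(struct core *c)
{
    if (c->ssbd_count++ == 0)
        c->hw_ssbd = true;
}

static void core_ssbd_clear(struct core *c)
{
    if (--c->ssbd_count == 0)
        c->hw_ssbd = false;
}

/* Buggy accounting: every write to VIRT_SPEC_CTRL.SSBD is forwarded, so a
 * thread clearing SSBD it never set decrements the counter past zero. */
void write_ssbd_buggy(struct core *c, unsigned thread, bool want)
{
    (void)thread;
    want ? core_ssbd_set(c) : core_ssbd_clear(c);
}

/* Fixed accounting: remember each thread's requested state and only touch
 * the shared counter when that state actually changes. */
void write_ssbd_fixed(struct core *c, unsigned thread, bool want)
{
    if (c->thread_ssbd[thread] == want)
        return;                                /* no transition, nothing to count */
    c->thread_ssbd[thread] = want;
    want ? core_ssbd_set(c) : core_ssbd_clear(c);
}

/* Constructed scenario: thread 0 clears SSBD twice without ever setting it,
 * then the sibling thread 1 asks for SSBD.  Returns the resulting core state. */
bool sibling_gets_ssbd(void (*write)(struct core *, unsigned, bool))
{
    struct core c = {0};
    write(&c, 0, false);
    write(&c, 0, false);
    write(&c, 1, true);
    return c.hw_ssbd;
}
```

With the buggy path the underflowed counter never passes through zero, so the sibling's request is silently ignored; the fixed path leaves the counter untouched by the spurious clears and enables SSBD for the sibling.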
--- Begin Message ---
Version: 4.17.1+2-gb773c48e36-1

This bug has been fixed in the 4.17.1+2-gb773c48e36-1 upload of xen.

Format: 1.8
Date: Thu, 18 May 2023 21:26:30 +0200
Source: xen
Architecture: source
Version: 4.17.1+2-gb773c48e36-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-de...@lists.alioth.debian.org>
Changed-By: Maximilian Engelhardt <m...@daemonizer.de>
Closes: 1034842
Changes:
 xen (4.17.1+2-gb773c48e36-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.1+2-gb773c48e36, which also contains
     security fixes for the following issues:
     - x86 shadow paging arbitrary pointer dereference
       XSA-430 CVE-2022-42335
       (Closes: #1034842)
     - Mishandling of guest SSBD selection on AMD hardware
       XSA-431 CVE-2022-42336

--- End Message ---