xen: Multiple vulnerabilities (CVE-2020-25602, CVE-2020-25598, CVE-2020-25604, CVE-2020-25595, CVE-2020-25597, CVE-2020-25596, CVE-2020-25603, CVE-2020-25600, CVE-2020-25599, CVE-2020-25601)
CVE-2020-25602, XSA-333: Crash when handling guest access to MSR_MISC_ENABLE
4.11 and higher are affected
References
CVE-2020-25598, XSA-334: Missing unlock in XENMEM_acquire_resource error path
Only 4.14 and later is vulnerable. 4.12 and 4.13 are affected, but not vulnerable to the DoS
References
- http://xenbits.xen.org/xsa/advisory-334.html
- https://xenbits.xen.org/xsa/xsa334.patch
- https://xenbits.xen.org/xsa/xsa334-4.12.patch
CVE-2020-25604, XSA-336: race when migrating timers between x86 HVM vCPU-s
All versions are affected.
References
- http://xenbits.xen.org/xsa/advisory-336.html
- https://xenbits.xen.org/xsa/xsa336.patch
- https://xenbits.xen.org/xsa/xsa336-4.11.patch
CVE-2020-25595, XSA-337: PCI passthrough code reading back hardware registers
All version of Xen (that support PCI passthrough)
References
- http://xenbits.xen.org/xsa/advisory-337.html
- https://xenbits.xen.org/xsa/xsa337/xsa337-1.patch
- https://xenbits.xen.org/xsa/xsa337/xsa337-2.patch
- https://xenbits.xen.org/xsa/xsa337/xsa337-4.12-1.patch
- https://xenbits.xen.org/xsa/xsa337/xsa337-4.12-2.patch
- https://xenbits.xen.org/xsa/xsa337/xsa337-4.13-1.patch
- https://xenbits.xen.org/xsa/xsa337/xsa337-4.13-2.patch
CVE-2020-25597, xsa-338: once valid event channels may not turn invalid
Version 4.4 and higher are vulnerable
References:
CVE-2020-25596, XSA-339: x86 pv guest kernel DoS via SYSENTER
Version 3.2 and higher are vulnerable
References
CVE-2020-25603, XSA-340: Missing memory barriers when accessing/allocating an event channel
All version of Xen as vulnerable
References
CVE-2020-25600, XSA-342: out of bounds event channels available to 32-bit x86 domains
Version 4.4 and higher are vulnerable
References
- http://xenbits.xen.org/xsa/advisory-342.html
- https://xenbits.xen.org/xsa/xsa342.patch
- https://xenbits.xen.org/xsa/xsa342-4.13.patch
CVE-2020-25599, XSA-343: races with evtchn_reset()
Version 4.5 and higher are vulnerable.
References
- http://xenbits.xen.org/xsa/advisory-343.html
- https://xenbits.xen.org/xsa/xsa343/xsa343-1.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-2.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-3.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-4.11-1.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-4.11-2.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-4.11-3.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-4.12-1.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-4.12-2.patch
- https://xenbits.xen.org/xsa/xsa343/xsa343-4.12-3.patch
CVE-2020-25601, XSA-344: lack of preemption in evtchn_reset() / evtchn_destroy()
References
- http://xenbits.xen.org/xsa/advisory-344.html
- https://xenbits.xen.org/xsa/xsa344/xsa344-1.patch
- https://xenbits.xen.org/xsa/xsa344/xsa344-2.patch
- https://xenbits.xen.org/xsa/xsa344/xsa344-4.11-1.patch
- https://xenbits.xen.org/xsa/xsa344/xsa344-4.11-2.patch
- https://xenbits.xen.org/xsa/xsa344/xsa344-4.12-1.patch
- https://xenbits.xen.org/xsa/xsa344/xsa344-4.12-2.patch
- https://xenbits.xen.org/xsa/xsa344/xsa344-4.13-1.patch
- https://xenbits.xen.org/xsa/xsa344/xsa344-4.13-2.patch