[3.7] xen: Multiple vulnerabilities (CVE-2017-12135, CVE-2017-12137, CVE-2017-12136, CVE-2017-12134, CVE-2017-12855)
CVE-2017-12135, XSA-226: multiple problems with transitive grants
All versions of Xen are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-226.html
CVE-2017-12137, XSA-227: x86: PV privilege escalation via map_grant_ref
All versions of Xen are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-227.html
CVE-2017-12136, XSA-228: grant_table: Race conditions with maptrack free list handling
Xen 4.6 and later are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-228.html
CVE-2017-12134, XSA-229: linux: Fix Xen block IO merge-ability calculation
References:
http://xenbits.xen.org/xsa/advisory-229.html
CVE-2017-12855, XSA-230: grant_table: possibly premature clearing of GTF_writing / GTF_reading
All systems are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-230.html
(from redmine: issue id 7732, created on 2017-08-21, closed on 2017-10-27)
- Relations:
- parent #7731 (closed)
- Changesets:
- Revision a9878fc5 by Daniel Sabogal on 2017-08-24T22:05:11Z:
main/xen: security fixes
fixes #7732
CVE-2017-12135 XSA-226
CVE-2017-12137 XSA-227
CVE-2017-12136 XSA-228
CVE-2017-12855 XSA-230