[3.6] xen: Multiple vulnerabilities (CVE-2017-12135, CVE-2017-12137, CVE-2017-12136, CVE-2017-12134, CVE-2017-12855)
CVE-2017-12135, XSA-226: multiple problems with transitive grants
All versions of Xen are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-226.html
CVE-2017-12137, XSA-227: x86: PV privilege escalation via map_grant_ref
All versions of Xen are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-227.html
CVE-2017-12136, XSA-228: grant_table: Race conditions with maptrack free list handling
Xen 4.6 and later are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-228.html
CVE-2017-12134, XSA-229: linux: Fix Xen block IO merge-ability calculation
References:
http://xenbits.xen.org/xsa/advisory-229.html
CVE-2017-12855, XSA-230: grant_table: possibly premature clearing of GTF_writing / GTF_reading
All systems are vulnerable.
References:
http://xenbits.xen.org/xsa/advisory-230.html
(from redmine: issue id 7733, created on 2017-08-21, closed on 2017-10-27)
- Relations:
- parent #7731 (closed)
- Changesets:
- Revision 605bcdc4 by Natanael Copa on 2017-09-15T13:10:24Z:
main/xen: upgrade to 4.8.2
fixes #7733