Debian Security Advisory
DSA-3969-1 xen -- security update
- Date Reported:
- 12 Sep 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10916, CVE-2017-10917, CVE-2017-10918, CVE-2017-10919, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922, CVE-2017-12135, CVE-2017-12136, CVE-2017-12137, CVE-2017-12855.
- More information:
Multiple vulnerabilities have been discovered in the Xen hypervisor:
Jann Horn discovered that incorrectly handling of page transfers might result in privilege escalation.
- CVE-2017-10913 / CVE-2017-10914
Jann Horn discovered that race conditions in grant handling might result in information leaks or privilege escalation.
Andrew Cooper discovered that incorrect reference counting with shadow paging might result in privilege escalation.
Andrew Cooper discovered an information leak in the handling of the Memory Protection Extensions (MPX) and Protection Key (PKU) CPU features. This only affects Debian stretch.
Ankur Arora discovered a NULL pointer dereference in event polling, resulting in denial of service.
Julien Grall discovered that incorrect error handling in physical-to-machine memory mappings may result in privilege escalation, denial of service or an information leak.
Julien Grall discovered that incorrect handling of virtual interrupt injection on ARM systems may result in denial of service.
- CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922
Jan Beulich discovered multiple places where reference counting on grant table operations was incorrect, resulting in potential privilege escalation.
Jan Beulich found multiple problems in the handling of transitive grants which could result in denial of service and potentially privilege escalation.
Ian Jackson discovered that race conditions in the allocator for grant mappings may result in denial of service or privilege escalation. This only affects Debian stretch.
Andrew Cooper discovered that incorrect validation of grants may result in privilege escalation.
Jan Beulich discovered that incorrect grant status handling, thus incorrectly informing the guest that the grant is no longer in use.
- XSA-235 (no CVE yet)
Wei Liu discovered that incorrect locking of add-to-physmap operations on ARM may result in denial of service.
For the oldstable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u10.
For the stable distribution (stretch), these problems have been fixed in version 4.8.1-1+deb9u3.
We recommend that you upgrade your xen packages.