[3.6] xen: Multiple vulnerabilities (CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15593, CVE-2017-15592, CVE-2017-15594, CVE-2017-15595, CVE-2017-15596, CVE-2017-15597, CVE-2017-17046)
CVE-2017-15596, XSA-235: add-to-physmap error paths fail to release lock on ARM
References:
http://xenbits.xen.org/xsa/advisory-235.html
CVE-2017-15597, XSA-236: pin count / page reference race in grant table code
References:
http://xenbits.xen.org/xsa/advisory-236.html
CVE-2017-15590, XSA-237: multiple MSI mapping issues on x86
References:
http://xenbits.xen.org/xsa/advisory-237.html
XSA-238: DMOP map/unmap missing argument checks
References:
http://xenbits.xen.org/xsa/advisory-238.html
CVE-2017-15589, XSA-239: hypervisor stack leak in x86 I/O intercept code
References:
http://xenbits.xen.org/xsa/advisory-239.html
CVE-2017-15595, XSA-240: Unlimited recursion in linear pagetable de-typing
References:
http://xenbits.xen.org/xsa/advisory-240.html
CVE-2017-15588, XSA-241: Stale TLB entry due to page type release race
References:
http://xenbits.xen.org/xsa/advisory-241.html
CVE-2017-15593, XSA-242: page type reference leak on x86
References:
http://xenbits.xen.org/xsa/advisory-242.html
CVE-2017-15592, XSA-243: x86: Incorrect handling of self-linear shadow mappings with translated guests
References:
http://xenbits.xen.org/xsa/advisory-243.html
CVE-2017-15594, XSA-244: x86: Incorrect handling of IST settings during CPU hotplug
References:
http://xenbits.xen.org/xsa/advisory-244.html
CVE-2017-17046, XSA-245: ARM: Some memory not scrubbed at boot
References:
http://xenbits.xen.org/xsa/advisory-245.html
(from redmine: issue id 8062, created on 2017-10-26, closed on 2018-09-27)
- Relations:
- parent #8061 (closed)
- Changesets:
- Revision dc1cbe03 on 2018-01-05T10:06:58Z:
main/xen: security fixes
CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15593, CVE-2017-15592,
CVE-2017-15594, CVE-2017-15595, CVE-2017-15596, CVE-2017-15597, CVE-2017-17046
Fixes #8062