Date: Tue, 16 Feb 2021 12:35:30 +0000 From: Xen.org security team <security@....org> To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, oss-security@...ts.openwall.com CC: Xen.org security team <security-team-members@....org> Subject: Xen Security Advisory 363 v3 (CVE-2021-26934) - Linux: display frontend "be-alloc" mode is unsupported -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2021-26934 / XSA-363 version 3 Linux: display frontend "be-alloc" mode is unsupported UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The backend allocation mode of Linux'es drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. IMPACT ====== Use of the feature may have unknown effects. VULNERABLE SYSTEMS ================== Linux versions from 4.18 onwards are affected. Earlier Linux versions do not provide the affected driver. MITIGATION ========== Not using the driver or its backend allocation mode will avoid the vulnerability. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the attached patch documents the situation. The patch does not fix any security issues. xsa363.patch xen-unstable $ sha256sum xsa363* cf2f2eff446aec625b19d9d01301ec66098b58b792d74012235f10c62a21bb68 xsa363.patch $ -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmAru/UMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZSocH/3jAI0MeZtnhvuyOM4CxkNmr0fI4HIXnA1xGNhWY Wa2WgtOuFVaPUFX1Tj/e6zCoibatl1gicETI9hL+w4Dg6/GzIeTogOuzv5D6Ux91 9a6n2tryFfSAs0OxTKq6etLv63VEEicYMHrZT8n700JFvJsAWYAMvuanMDknGxBP 5/Z+DASnZxT09cpvP4REKuG7rW9vIif+6EZ0T0kU87InouDts/YOhzNsdvBD1wKH y5e/MZh2sOyMOovuhgbvoK+YezHTAcZeGWnUk3yQoTGnW3p+W9XZVURsc8/e2FbZ heY3Tj918LsY50wGpMZ2PDoHC8PSHaUqEOTq0MPmnPlppvU= =tJD0 -----END PGP SIGNATURE----- Download attachment "xsa363.patch" of type "application/octet-stream" (658 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.