* Xen Security Advisory 363 v3 (CVE-2021-26934) - Linux: display frontend "be-alloc" mode is unsupported
@ 2021-02-16 12:35 Xen.org security team
From: Xen.org security team @ 2021-02-16 12:35 UTC (permalink / raw)
To: xen-announce, xen-devel, xen-users, oss-security; +Cc: Xen.org security team
[-- Attachment #1: Type: text/plain, Size: 1632 bytes --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Xen Security Advisory CVE-2021-26934 / XSA-363
version 3
Linux: display frontend "be-alloc" mode is unsupported
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
The backend allocation mode of Linux's drm_xen_front drivers was
not meant to be a supported configuration, but this wasn't stated
accordingly in its support status entry.
IMPACT
======
Use of the feature may have unknown effects.
VULNERABLE SYSTEMS
==================
Linux versions from 4.18 onwards are affected. Earlier Linux versions
do not provide the affected driver.
MITIGATION
==========
Not using the driver or its backend allocation mode will avoid the
vulnerability.
CREDITS
=======
This issue was discovered by Jan Beulich of SUSE.
RESOLUTION
==========
Applying the attached patch documents the situation. The patch does
not fix any security issues.
xsa363.patch xen-unstable
$ sha256sum xsa363*
cf2f2eff446aec625b19d9d01301ec66098b58b792d74012235f10c62a21bb68 xsa363.patch
$
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
[-- Attachment #2: xsa363.patch --]
[-- Type: application/octet-stream, Size: 658 bytes --]
From: Jan Beulich <jbeulich@suse.com>
Subject: SUPPORT.md: PV display frontend is unsupported in "backend allocation" mode
This wasn't meant to be supported, but wasn't stated this way.
This is XSA-363.
Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -414,7 +414,8 @@ Guest-side driver capable of speaking th
Guest-side driver capable of speaking the Xen PV display protocol
- Status, Linux: Supported
+ Status, Linux: Supported (outside of "backend allocation" mode)
+ Status, Linux: Experimental (in "backend allocation" mode)
### PV Console (frontend)
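Review bot: The second added status line says "Experimental (in "backend allocation" mode)", while the patch subject and the advisory title both say this mode is "unsupported"; the commit message should state that "Experimental" is the intended SUPPORT.md status here, or the wording should be aligned so readers do not take the two terms to mean different things. The entry also names the mode only as "backend allocation", whereas the advisory title calls it "be-alloc"; mentioning that name in the status line or just below it would let an administrator match the support statement to the setting they actually see.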