Gentoo update for Xen



Risk High
Patch available YES
Number of vulnerabilities 20
CVE-ID CVE-2022-42336
CVE-2023-28746
CVE-2023-34319
CVE-2023-34320
CVE-2023-34321
CVE-2023-34322
CVE-2023-34323
CVE-2023-34324
CVE-2023-34325
CVE-2023-34327
CVE-2023-34328
CVE-2023-46835
CVE-2023-46836
CVE-2023-46837
CVE-2023-46839
CVE-2023-46840
CVE-2023-46841
CVE-2023-46842
CVE-2024-2193
CVE-2024-31142
CWE-ID CWE-190
CWE-200
CWE-119
CWE-833
CWE-399
CWE-617
CWE-121
CWE-371
CWE-264
CWE-254
CWE-20
CWE-362
CWE-843
Exploitation vector Network
Public exploit N/A
Vulnerable software
Gentoo Linux
Operating systems & Components / Operating system

app-emulation/xen
Operating systems & Components / Operating system package or component

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU77522

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42336

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote guest to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in SSBD imlementation. A remote guest can mislead other guests into observing SSBD active when it is not.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU87457

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28746

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU79260

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34319

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Deadlock

EUVDB-ID: #VU79040

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34320

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a coding error in code for Cortex-A77 cores (r0p0 and r1p0). A malicious guest can trigger a deadlock and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU80470

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34321

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a malicious guest to gain access to potentially sensitive information.

The vulnerability exists due to an error when cleaning cache on arm32 systems. A malicious guest can read sensitive data from memory of another guest.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU80924

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34322

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improper management of internal resources when running PV guests in shadow paging mode. A malicious guest can run a specially crafted application on the system that causes shortage of memory in the associated with the domain shadow pool and forces Xen to tear down page tables. This can result in memory leak, denial of service or privilege escalation.

The vulnerability can be exploited by 64-bit PV guests on x86 systems.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Reachable Assertion

EUVDB-ID: #VU81895

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34323

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling negative quota values in C Xenstored. A malicious guest can craft a transaction that forces C Xenstored to check quota value and perform a denial of service attack.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Deadlock

EUVDB-ID: #VU81900

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34324

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

EUVDB-ID: #VU81886

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34325

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote guest to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in libfsimage. A remote guest can use pygrab to trigger stack-based buffer overflow and execute arbitrary code on the host system.


Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) State Issues

EUVDB-ID: #VU81901

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34327

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of guest state when using Debug Masks in HVM vCPU. A malicious guest can perform a denial of service (DoS) attack against the guest OS.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) State Issues

EUVDB-ID: #VU81903

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34328

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of guest state in PV vCPU. A malicious guest place a breakpoint over the live GDT and perform a denial of service (DoS) attack against the host.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU83162

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46835

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote guest to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security features bypass

EUVDB-ID: #VU83163

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46836

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote guest to bypass implemented security restrictions.

The vulnerability exists due to improper implementation of mitigations against BTC/SRSO. A malicious guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen, which can result in memory access to other guests.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU84103

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46837

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources on arm32 processors caused by improper invalidation of cache. A malicious guest can read sensitive data from memory of another guest.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU85929

Risk: Low

CVSSv3.1: 2.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46839

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to an error in phantom functions implementation for PCI devices. Under certain circumstances a malicious guest assigned a PCI device with phantom functions may be able to access memory from a previous owner of the device.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU85928

Risk: Medium

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46840

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a malicious guest to bypass implemented security restrictions.

The vulnerability exists due to incorrect placement of a preprocessor directive in source code, which results in a logic error when support for HVM guests is compiled out of Xen and CONFIG_HVM is disabled at Xen's build time. When a device is removed from a domain, it is not properly quarantined and retains its access to the domain to which it was previously assigned. An attacker with control over a malicious guest can retain access to the domain after it has been removed from it.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU86860

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46841

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote guest to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the Shadow Stacks (CET-SS) feature. An unprivileged guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU88228

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46842

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of register values when invoking a hypercall. A malicious HVM or PVH guest can pass specially crafted input to the hypervisor and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Race condition

EUVDB-ID: #VU87374

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-2193

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a speculative race condition. A local user can exploit the race and gain unauthorized access to contents of arbitrary host memory, including memory assigned to other guests.

The vulnerability was dubbed GhostRace.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Type confusion

EUVDB-ID: #VU88372

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31142

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to a logical error caused by a branch type confusion when implementing fixes for the following vulnerabilities:

#VU65219 (CVE-2022-23816)
#VU65204 (CVE-2022-23825)
#VU65205 (CVE-2022-29900)
#VU79263 (CVE-2023-20569)

A malicious guest can gain access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected packages.
app-emulation/xen to version: 4.17.4

Vulnerable software versions

Gentoo Linux: All versions

app-emulation/xen: before 4.17.4

CPE2.3 External links

http://security.gentoo.org/glsa/202409-10


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###