diff options
author | Leo <thinkabit.ukim@gmail.com> | 2020-04-19 10:21:18 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-04-19 11:24:19 -0300 |
commit | 95332e4ed106c72d58a0a5490d0f608e3d76b83e (patch) | |
tree | 10ecf6182ac280ecab64dc73620b6f06cfdc9222 /main/xen/xsa313-1.patch | |
parent | 28f017cec2751a53781073a114e406a428f3f9a6 (diff) | |
download | aports-95332e4ed106c72d58a0a5490d0f608e3d76b83e.tar.bz2 aports-95332e4ed106c72d58a0a5490d0f608e3d76b83e.tar.xz |
main/xen: fix various security issues
For #11400
Fixed CVEs:
- CVE-2020-11739
- CVE-2020-11740
- CVE-2020-11741
- CVE-2020-11742
- CVE-2020-11743
Diffstat (limited to 'main/xen/xsa313-1.patch')
-rw-r--r-- | main/xen/xsa313-1.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/main/xen/xsa313-1.patch b/main/xen/xsa313-1.patch new file mode 100644 index 0000000000..95fde7ead4 --- /dev/null +++ b/main/xen/xsa313-1.patch @@ -0,0 +1,26 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: xenoprof: clear buffer intended to be shared with guests + +alloc_xenheap_pages() making use of MEMF_no_scrub is fine for Xen +internally used allocations, but buffers allocated to be shared with +(unpriviliged) guests need to be zapped of their prior content. + +This is part of XSA-313. + +Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Wei Liu <wl@xen.org> + +--- a/xen/common/xenoprof.c ++++ b/xen/common/xenoprof.c +@@ -253,6 +253,9 @@ static int alloc_xenoprof_struct( + return -ENOMEM; + } + ++ for ( i = 0; i < npages; ++i ) ++ clear_page(d->xenoprof->rawbuf + i * PAGE_SIZE); ++ + d->xenoprof->npages = npages; + d->xenoprof->nbuf = nvcpu; + d->xenoprof->bufsize = bufsize; |