[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Xen Security Advisory 363 v3 (CVE-2021-26934) - Linux: display frontend "be-alloc" mode is unsupported
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2021-26934 / XSA-363 version 3 Linux: display frontend "be-alloc" mode is unsupported UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The backend allocation mode of Linux'es drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. IMPACT ====== Use of the feature may have unknown effects. VULNERABLE SYSTEMS ================== Linux versions from 4.18 onwards are affected. Earlier Linux versions do not provide the affected driver. MITIGATION ========== Not using the driver or its backend allocation mode will avoid the vulnerability. CREDITS ======= This issue was discovered by Jan Beulich of SUSE. RESOLUTION ========== Applying the attached patch documents the situation. The patch does not fix any security issues. xsa363.patch xen-unstable $ sha256sum xsa363* cf2f2eff446aec625b19d9d01301ec66098b58b792d74012235f10c62a21bb68 xsa363.patch $ -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmAru/UMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZSocH/3jAI0MeZtnhvuyOM4CxkNmr0fI4HIXnA1xGNhWY Wa2WgtOuFVaPUFX1Tj/e6zCoibatl1gicETI9hL+w4Dg6/GzIeTogOuzv5D6Ux91 9a6n2tryFfSAs0OxTKq6etLv63VEEicYMHrZT8n700JFvJsAWYAMvuanMDknGxBP 5/Z+DASnZxT09cpvP4REKuG7rW9vIif+6EZ0T0kU87InouDts/YOhzNsdvBD1wKH y5e/MZh2sOyMOovuhgbvoK+YezHTAcZeGWnUk3yQoTGnW3p+W9XZVURsc8/e2FbZ heY3Tj918LsY50wGpMZ2PDoHC8PSHaUqEOTq0MPmnPlppvU= =tJD0 -----END PGP SIGNATURE----- Attachment:
xsa363.patch
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |