Release: Xen 4.3.2. and 4.2.4

by

The Xen Project, the community which develops the Xen hypervisor under the GNU General Public License (GPLv2) and which is now transferred from Citrix to the Linux Foundation, today announced the availability of two maintenance releases version 4.3.2 and 4.2.4 of the Xen hypervisor.

Besides fixing some vulnerabilities, this release also includes bug fixes and improvements.


Xen 4.3.2 fixes the following vulnerabilities:

  • CVE-2013-2212 / XSA-60 Excessive time to disable caching with HVM guests with PCI passthrough
  • CVE-2013-4494 / XSA-73 Lock order reversal between page allocation and grant table locks
  • CVE-2013-4553 / XSA-74 Lock order reversal between page_alloc_lock and mm_rwlock
  • CVE-2013-4551 / XSA-75 Host crash due to guest VMX instruction execution
  • CVE-2013-4554 / XSA-76 Hypercalls exposed to privilege rings 1 and 2 of HVM guests
  • CVE-2013-6375 / XSA-78 Insufficient TLB flushing in VT-d (iommu) code
  • CVE-2013-6400 / XSA-80 IOMMU TLB flushing may be inadvertently suppressed
  • CVE-2013-6885 / XSA-82 Guest triggerable AMD CPU erratum may cause host hang
  • CVE-2014-1642 / XSA-83 Out-of-memory condition yielding memory corruption during IRQ setup
  • CVE-2014-1891 / XSA-84 integer overflow in several XSM/Flask hypercalls
  • CVE-2014-1895 / XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
  • CVE-2014-1896 / XSA-86 libvchan failure handling malicious ring indexes
  • CVE-2014-1666 / XSA-87 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
  • CVE-2014-1950 / XSA-88 use-after-free in xc_cpupool_getinfo() under memory pressure

Xen 4.2.4 fixes:

  • CVE-2013-2212 / XSA-60     Excessive time to disable caching with HVM guests with PCI passthrough
  • CVE-2013-1442 / XSA-62     Information leak on AVX and/or LWP capable CPUs
  • CVE-2013-4355 / XSA-63     Information leaks through I/O instruction emulation
  • CVE-2013-4361 / XSA-66     Information leak through fbld instruction emulation
  • CVE-2013-4368 / XSA-67     Information leak through outs instruction emulation
  • CVE-2013-4369 / XSA-68     possible null dereference when parsing vif ratelimiting info
  • CVE-2013-4370 / XSA-69     misplaced free in ocaml xc_vcpu_getaffinity stub
  • CVE-2013-4371 / XSA-70     use-after-free in libxl_list_cpupool under memory pressure
  • CVE-2013-4375 / XSA-71     qemu disk backend (qdisk) resource leak
  • CVE-2013-4416 / XSA-72     ocaml xenstored mishandles oversized message replies
  • CVE-2013-4494 / XSA-73     Lock order reversal between page allocation and grant table locks
  • CVE-2013-4553 / XSA-74     Lock order reversal between page_alloc_lock and mm_rwlock
  • CVE-2013-4551 / XSA-75     Host crash due to guest VMX instruction execution
  • CVE-2013-4554 / XSA-76     Hypercalls exposed to privilege rings 1 and 2 of HVM guests
  • CVE-2013-6375 / XSA-78     Insufficient TLB flushing in VT-d (iommu) code
  • CVE-2013-6400 / XSA-80     IOMMU TLB flushing may be inadvertently suppressed
  • CVE-2013-6885 / XSA-82     Guest triggerable AMD CPU erratum may cause host hang
  • CVE-2014-1642 / XSA-83     Out-of-memory condition yielding memory corruption during IRQ setup
  • CVE-2014-1891 / XSA-84     integer overflow in several XSM/Flask hypercalls
  • CVE-2014-1895 / XSA-85     Off-by-one error in FLASK_AVC_CACHESTAT hypercall
  • CVE-2014-1896 / XSA-86     libvchan failure handling malicious ring indexes
  • CVE-2014-1666 / XSA-87     PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
  • CVE-2014-1950 / XSA-88     use-after-free in xc_cpupool_getinfo() under memory pressure