CVE-2021-28690
https://notcve.org/view.php?id=CVE-2021-28690
x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend. x86: Las protecciones TSX Async Abort no son restauradas después de S3. Este problema está relacionado con una vulnerabilidad de seguridad especulativa TSX Async Abort. • https://security.gentoo.org/glsa/202107-30 https://xenbits.xenproject.org/xsa/advisory-377.txt •
CVE-2021-28687
https://notcve.org/view.php?id=CVE-2021-28687
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the structure; but the "soft reset" path wasn't refactored to call the initialization function. When a guest nwo initiates a "soft reboot", uninitialized data structure leads to an assert() when later code finds the structure in an unexpected state. • https://security.gentoo.org/glsa/202107-30 https://xenbits.xenproject.org/xsa/advisory-368.txt • CWE-909: Missing Initialization of Resource •
CVE-2021-26933
https://notcve.org/view.php?id=CVE-2021-26933
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. • http://xenbits.xen.org/xsa/advisory-364.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP https://www.debian.org/security/2021/dsa-4888 •
CVE-2021-3308
https://notcve.org/view.php?id=CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host. • http://www.openwall.com/lists/oss-security/2021/01/26/4 http://xenbits.xen.org/xsa/advisory-360.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN https://security.gentoo.org/glsa/202107-30 •
CVE-2020-29486
https://notcve.org/view.php?id=CVE-2020-29486
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI https://security.gentoo.org/glsa/202107-30 https://www.debian.org/security/2020/dsa-4812 https://xenbits.xenproject.org/xsa/advisory-352.html • CWE-770: Allocation of Resources Without Limits or Throttling •