-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2021-26930 / XSA-365 version 3 Linux: error handling issues in blkback's grant mapping UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= To service requests, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case internal state would be insufficiently updated, preventing safe recovery from the error. IMPACT ====== A malicious or buggy frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In configurations without driver domains or similar disaggregation, that is a host-wide denial of sevice. Privilege escalation and information leaks cannot be ruled out. VULNERABLE SYSTEMS ================== Linux versions from at least 3.11 onwards are vulnerable. MITIGATION ========== Reconfiguring guests to use alternative (e.g. qemu-based) backends may avoid the vulnerability. CREDITS ======= This issue was discovered by Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr, all from Amazon. RESOLUTION ========== Applying the attached patch resolves this issue. xsa365-linux.patch Linux 5.11-rc - 5.10 $ sha256sum xsa365* 7e45fcf3c70eb40debe9997a1773de7c4a2edcde5c23f76aeb5c1b6e3a34a654 xsa365-linux.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. HOWEVER, deployment of the non-kernel-based backends mitigation described above is NOT permitted during the embargo on public-facing systems with untrusted guest users and administrators. This is because such a configuration change may be recognizable by the affected guests. AND: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmAru/UMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZnpQH/jMHOQao08C5s4VlCUIDJTJ8AZXIjFKW2zOKBqt5 Gp7HiRZSLKa2s/dqxIdiVHTnMzGyFegfzK0AeLjLeftSbOANSvI9tx/S6ajOr6Mx s5j0r2JzCBsh1bULJbRV7MBVaRqyOR77i3sREu7o0uuRxMd0RNnck7rVm0slmG1P FoFfC2tF+gxnYZi8tpBS4aY/e3tZ4y+J6s0Fgyfln4p33/j1JwILzzYscGnRdDvG 31DnotOq3E+TqcTZRK4BrLJqZodZLsd9en1DriJj2dDqrobs6QS4sZkHKX20gcxC RnGvkdHXI+u/du6qpb3GHep2F5pg5+2vMzBNvxxBjr8vmi4= =HBCB -----END PGP SIGNATURE-----