Information

Advisory XSA-363
Public release 2021-02-16 12:00
Updated 2021-02-16 12:35
Version 3
CVE(s) CVE-2021-26934
Title Linux: display frontend "be-alloc" mode is unsupported

Files

advisory-363.txt (signed advisory file)
xsa363.patch

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2021-26934 / XSA-363
                               version 3

        Linux: display frontend "be-alloc" mode is unsupported

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The backend allocation mode of Linux'es drm_xen_front drivers was
not meant to be a supported configuration, but this wasn't stated
accordingly in its support status entry.

IMPACT
======

Use of the feature may have unknown effects.

VULNERABLE SYSTEMS
==================

Linux versions from 4.18 onwards are affected.  Earlier Linux versions
do not provide the affected driver.

MITIGATION
==========

Not using the driver or its backend allocation mode will avoid the
vulnerability.

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the attached patch documents the situation.  The patch does
not fix any security issues.

xsa363.patch           xen-unstable

$ sha256sum xsa363*
cf2f2eff446aec625b19d9d01301ec66098b58b792d74012235f10c62a21bb68  xsa363.patch
$

-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmAru/UMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZSocH/3jAI0MeZtnhvuyOM4CxkNmr0fI4HIXnA1xGNhWY
Wa2WgtOuFVaPUFX1Tj/e6zCoibatl1gicETI9hL+w4Dg6/GzIeTogOuzv5D6Ux91
9a6n2tryFfSAs0OxTKq6etLv63VEEicYMHrZT8n700JFvJsAWYAMvuanMDknGxBP
5/Z+DASnZxT09cpvP4REKuG7rW9vIif+6EZ0T0kU87InouDts/YOhzNsdvBD1wKH
y5e/MZh2sOyMOovuhgbvoK+YezHTAcZeGWnUk3yQoTGnW3p+W9XZVURsc8/e2FbZ
heY3Tj918LsY50wGpMZ2PDoHC8PSHaUqEOTq0MPmnPlppvU=
=tJD0
-----END PGP SIGNATURE-----

Xenproject.org Security Team