xen - Debian Package Tracker

general

source: xen (main)
version: 4.17.3+36-g54dacb5c02-1
maintainer: Debian Xen Team (archive) (DMD)
uploaders: Ian Jackson [DMD] – Hans van Kranenburg [DMD] [DM]
arch: amd64 arm64 armhf
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.11.4+107-gef32c7afa2-1
o-o-sec: 4.11.4+107-gef32c7afa2-1
oldstable: 4.14.6-1
old-sec: 4.14.5+94-ge49571868d-1
stable: 4.17.3+10-g091466ba55-1~deb12u1
testing: 4.17.3+36-g54dacb5c02-1
unstable: 4.17.3+36-g54dacb5c02-1

versioned links

4.11.4+107-gef32c7afa2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.14.5+94-ge49571868d-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.14.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.17.3+10-g091466ba55-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.17.3+36-g54dacb5c02-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxen-dev
libxencall1t64
libxendevicemodel1t64
libxenevtchn1t64
libxenforeignmemory1t64
libxengnttab1t64
libxenhypfs1t64
libxenmisc4.17t64
libxenstore4t64
libxentoolcore1t64
libxentoollog1t64
xen-doc
xen-hypervisor-4.17-amd64
xen-hypervisor-4.17-amd64-dbg
xen-hypervisor-4.17-arm64
xen-hypervisor-4.17-arm64-dbg
xen-hypervisor-4.17-armhf
xen-hypervisor-4.17-armhf-dbg
xen-hypervisor-common (1 bugs: 0, 1, 0, 0)
xen-system-amd64 (2 bugs: 0, 2, 0, 0)
xen-system-arm64
xen-system-armhf
xen-utils-4.17
xen-utils-4.17-dbg
xen-utils-common
xenstore-utils

action needed

11 security issues in trixie high

There are 11 open security issues in trixie.

11 important issues:

CVE-2024-2193: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVE-2024-2201:
CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-46842: Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.
CVE-2024-31142: Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html
CVE-2024-31143: An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
CVE-2024-31145: Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was flawed, resulting in such mappings to potentially remain in place when they should have been removed again. Respective guests would then gain access to memory regions which they aren't supposed to have access to.
CVE-2024-31146: When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), - - INTx lines.
CVE-2024-45817: In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, which generates an error when an error interrupt is raised. This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded; errors accumulate in the the status register and only generate an interrupt when a new status bit becomes set. However, the lock protecting this state in Xen will try to be taken recursively, and deadlock.
CVE-2024-45818:
CVE-2024-45819:

Created: 2024-02-27 Last update: 2024-11-12 16:31

11 security issues in sid high

There are 11 open security issues in sid.

11 important issues:

CVE-2024-2193: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVE-2024-2201:
CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-46842: Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.
CVE-2024-31142: Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html
CVE-2024-31143: An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
CVE-2024-31145: Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was flawed, resulting in such mappings to potentially remain in place when they should have been removed again. Respective guests would then gain access to memory regions which they aren't supposed to have access to.
CVE-2024-31146: When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), - - INTx lines.
CVE-2024-45817: In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, which generates an error when an error interrupt is raised. This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded; errors accumulate in the the status register and only generate an interrupt when a new status bit becomes set. However, the lock protecting this state in Xen will try to be taken recursively, and deadlock.
CVE-2024-45818:
CVE-2024-45819:

Created: 2024-03-12 Last update: 2024-11-12 16:31

3 security issues in bookworm high

There are 3 open security issues in bookworm.

3 important issues:

CVE-2024-45817: In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, which generates an error when an error interrupt is raised. This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded; errors accumulate in the the status register and only generate an interrupt when a new status bit becomes set. However, the lock protecting this state in Xen will try to be taken recursively, and deadlock.
CVE-2024-45818:
CVE-2024-45819:

9 issues that should be fixed with the next stable update:

CVE-2024-2193: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVE-2024-2201:
CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-46841: Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing.
CVE-2023-46842: Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.
CVE-2024-31142: Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html
CVE-2024-31143: An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
CVE-2024-31145: Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was flawed, resulting in such mappings to potentially remain in place when they should have been removed again. Respective guests would then gain access to memory regions which they aren't supposed to have access to.
CVE-2024-31146: When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), - - INTx lines.

Created: 2024-09-24 Last update: 2024-11-12 16:31

lintian reports 2 errors and 52 warnings high

Lintian reports 2 errors and 52 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-03-01 Last update: 2024-07-31 17:09

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2024-08-22 Last update: 2024-11-21 22:31

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

libxen-dev could be marked Multi-Arch: same
xen-doc could be marked Multi-Arch: same

Created: 2024-03-12 Last update: 2024-11-21 21:36

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2024-02-25 Last update: 2024-11-21 21:32

debian/patches: 24 patches to forward upstream low

Among the 24 debian patches available in version 4.17.3+36-g54dacb5c02-1 of the package, we noticed the following issues:

24 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-03-12 12:31

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2023-04-04 Last update: 2023-04-04 01:34

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.6.2).

Created: 2024-04-07 Last update: 2024-04-07 13:14

news

[rss feed]

[2024-04-26] xen 4.17.3+36-g54dacb5c02-1 MIGRATED to testing (Debian testing watch)
[2024-03-11] Accepted xen 4.17.3+36-g54dacb5c02-1 (source) into unstable (Hans van Kranenburg)
[2024-02-29] Accepted xen 4.17.3+10-g091466ba55-1.1 (source) into unstable (Steve Langasek)
[2024-02-24] Accepted xen 4.17.3+10-g091466ba55-1.1~exp2 (source) into experimental (Steve Langasek)
[2024-02-10] xen 4.17.3+10-g091466ba55-1 MIGRATED to testing (Debian testing watch)
[2024-02-05] Accepted xen 4.17.3+10-g091466ba55-1.1~exp1 (source) into experimental (Steve Langasek)
[2024-02-04] Accepted xen 4.17.3+10-g091466ba55-1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Hans van Kranenburg)
[2024-02-04] Accepted xen 4.17.3+10-g091466ba55-1 (source) into unstable (Hans van Kranenburg)
[2023-12-05] xen 4.17.2+76-ge1f9cb16e2-1 MIGRATED to testing (Debian testing watch)
[2023-12-03] Accepted xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Hans van Kranenburg)
[2023-11-29] Accepted xen 4.17.2+76-ge1f9cb16e2-1 (source) into unstable (Maximilian Engelhardt) (signed by: Hans van Kranenburg)
[2023-10-19] xen 4.17.2+55-g0b56bed864-1 MIGRATED to testing (Debian testing watch)
[2023-10-13] Accepted xen 4.17.2+55-g0b56bed864-1 (source) into unstable (Hans van Kranenburg)
[2023-09-29] Accepted xen 4.14.6-1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Hans van Kranenburg)
[2023-08-26] xen 4.17.2-1 MIGRATED to testing (Debian testing watch)
[2023-08-20] Accepted xen 4.17.2-1 (source) into unstable (Maximilian Engelhardt) (signed by: Hans van Kranenburg)
[2023-05-24] xen 4.17.1+2-gb773c48e36-1 MIGRATED to testing (Debian testing watch)
[2023-05-18] Accepted xen 4.17.1+2-gb773c48e36-1 (source) into unstable (Maximilian Engelhardt) (signed by: Hans van Kranenburg)
[2023-04-08] xen 4.17.0+74-g3eac216e6e-1 MIGRATED to testing (Debian testing watch)
[2023-04-03] Accepted xen 4.17.0+74-g3eac216e6e-1 (source) into unstable (Maximilian Engelhardt) (signed by: Hans van Kranenburg)
[2023-03-29] Accepted xen 4.14.5+94-ge49571868d-1 (source amd64 all) into proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-03-25] Accepted xen 4.14.5+94-ge49571868d-1 (source amd64 all) into stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-03-07] xen 4.17.0+46-gaaf74a532c-1 MIGRATED to testing (Debian testing watch)
[2023-02-24] Accepted xen 4.17.0+46-gaaf74a532c-1 (source) into unstable (Hans van Kranenburg)
[2023-02-12] xen 4.17.0+24-g2f8851c37f-2 MIGRATED to testing (Debian testing watch)
[2023-02-06] Accepted xen 4.17.0+24-g2f8851c37f-2 (source) into unstable (Hans van Kranenburg)
[2023-02-06] Accepted xen 4.17.0+24-g2f8851c37f-2~exp1 (amd64 source) into experimental (Debian FTP Masters) (signed by: Ian Jackson)
[2022-12-27] xen 4.17.0-1 MIGRATED to testing (Debian testing watch)
[2022-12-21] Accepted xen 4.17.0-1 (source) into unstable (Maximilian Engelhardt) (signed by: Hans van Kranenburg)
[2022-12-09] Accepted xen 4.17.0~rc4-1~exp1 (amd64 source) into experimental (Debian FTP Masters) (signed by: Ian Jackson)

bugs [bug history graph]

all: 35 36
RC: 1
I&N: 19 20
M&W: 13
F&P: 2
patch: 2

links

homepage
lintian (2, 52)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.17.3+10-g091466ba55-1.1ubuntu3
56 bugs (6 patches)
patches for 4.17.3+10-g091466ba55-1.1ubuntu3