On Tue, Nov 24, 2020 at 12:03:45PM +0000, Xen.org security team wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Xen Security Advisory XSA-355
> version 2
>
> stack corruption from XSA-346 change
>
> UPDATES IN VERSION 2
> ====================
>
> Added metadata file.
>
> Public release.
>
> ISSUE DESCRIPTION
> =================
>
> One of the two changes for XSA-346 introduced an on-stack array. The
> check for guarding against overrunning this array was off by one,
> allowing for corruption of the first stack slot immediately following
> this array.
>
> IMPACT
> ======
>
> A malicious or buggy HVM or PVH guest can cause Xen to crash, resulting
> in a Denial of Service (DoS) to the entire host. Privilege escalation
> as well as information leaks cannot be excluded.
>
> VULNERABLE SYSTEMS
> ==================
>
> All Xen versions which have the patches for XSA-346 applied are
> vulnerable.
>
> Only x86 HVM and PVH guests can leverage the vulnerability. Arm guests
> and x86 PV guests cannot leverage the vulnerability.
>
> Only x86 HVM and PVH guests which have physical devices passed through
> to them can leverage the vulnerability.

There's no support for passthrough for x86 PVH guests yet, so this
issue only affects x86 HVM with passthrough.

Roger.