Show Your Support: Have you heard of Phoronix Premium? It's what complements advertisements on this site for our premium ad-free service. For less than $4 USD per month, you can help support our site while the funds generated allow us to keep doing Linux hardware reviews, performance benchmarking, maintain our community forums, and much more.
Xen Offers Up Security Fixes With Linux 5.11
The Xen changes for the Linux 5.11 merge window include just a set of patches for addressing two vulnerabilities (XSA-349 and XSA-350).
XSA-349 was made public last week that Linux and some BSDs are processing Xen watch events using a single thread and that if events are received faster than processing/handling, a guest could trigger an out-of-memory event in the back-end. The advisory says there is no known mitigation but with Linux 5.11 comes a set of patches to address this for Linux in addressing the resource depletion issue that could lead to a denial of service.
XSA-350 also disclosed last week is a Linux-specific advisory over the block back-end potentially re-using a pointer after it was freed and could lead to a Dom0 crash by continuously connecting/disconnecting a block front-end. It's possible that privilege escalation and information disclosure could result. That advisory recommends switching disk back-ends, but Linux 5.11 again will have a proper mitigation.
The Xen pull request has the patches for these two Xen security advisories. So far the patches at least have not been back-ported to any stable kernel series.