Xen Offers Up Security Fixes With Linux 5.11

Written by Michael Larabel in Virtualization on 22 December 2020 at 06:27 AM EST. 1 Comment
Unlike the KVM additions, the Xen hypervisor for the Linux 5.11 merge window doesn't bring any new features but just security fixes for some new vulnerabilities.

The Xen changes for the Linux 5.11 merge window include just a set of patches for addressing two vulnerabilities (XSA-349 and XSA-350).

XSA-349 was made public last week that Linux and some BSDs are processing Xen watch events using a single thread and that if events are received faster than processing/handling, a guest could trigger an out-of-memory event in the back-end. The advisory says there is no known mitigation but with Linux 5.11 comes a set of patches to address this for Linux in addressing the resource depletion issue that could lead to a denial of service.

XSA-350 also disclosed last week is a Linux-specific advisory over the block back-end potentially re-using a pointer after it was freed and could lead to a Dom0 crash by continuously connecting/disconnecting a block front-end. It's possible that privilege escalation and information disclosure could result. That advisory recommends switching disk back-ends, but Linux 5.11 again will have a proper mitigation.

The Xen pull request has the patches for these two Xen security advisories. So far the patches at least have not been back-ported to any stable kernel series.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week