Xen Offers Up Security Fixes With Linux 5.11

Written by Michael Larabel in Virtualization on 22 December 2020 at 06:27 AM EST. 1 Comment
VIRTUALIZATION
Unlike the KVM additions, the Xen hypervisor for the Linux 5.11 merge window doesn't bring any new features but just security fixes for some new vulnerabilities.

The Xen changes for the Linux 5.11 merge window include just a set of patches for addressing two vulnerabilities (XSA-349 and XSA-350).

XSA-349 was made public last week that Linux and some BSDs are processing Xen watch events using a single thread and that if events are received faster than processing/handling, a guest could trigger an out-of-memory event in the back-end. The advisory says there is no known mitigation but with Linux 5.11 comes a set of patches to address this for Linux in addressing the resource depletion issue that could lead to a denial of service.

XSA-350 also disclosed last week is a Linux-specific advisory over the block back-end potentially re-using a pointer after it was freed and could lead to a Dom0 crash by continuously connecting/disconnecting a block front-end. It's possible that privilege escalation and information disclosure could result. That advisory recommends switching disk back-ends, but Linux 5.11 again will have a proper mitigation.

The Xen pull request has the patches for these two Xen security advisories. So far the patches at least have not been back-ported to any stable kernel series.
1 Comment
Related News
Google Posts KVM-CPUFreq Driver To Dramatically Boost VM Performance, Power Efficiency
XCP-ng Initating Effort To Rewrite Xen Components In Rust
Many KVM Updates Land In Linux 6.3
Intel-Led Cloud Hypervisor 30 Released With CLI Changes To Reduce The Binary Size
Microsoft Hyper-V Nested Hypervisor Support Comes For Linux 6.3
Linux Patches Improve KVM Guest Performance For Hosts Under Memory Pressure
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OBS Studio Lands AV1 & HEVC RTMP Streaming Support
Framework Laptop Launches AMD Ryzen Upgradeable Laptop, Intel Raptor Lake Models Too
Proxmox VE 7.4 Released With Linux 5.15 LTS + Linux 6.2 Support, New Dark Theme
AMD FidelityFX Super Resolution 3 "FSR 3" Will Be Open-Source
Ubuntu 20.04.6 LTS Released With Restored UEFI Secure Boot Support
NVIDIA 530.41.03 Linux Driver Released With IBT Kernel Support, Vulkan Video
MidnightBSD 3.0 Available With Many Software Updates & Fixes
Wine's VKD3D 1.7 Implements More Direct3D 12 Functionality Atop Vulkan