-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2021-28688 / XSA-371 version 3 Linux: blkback driver may leak persistent grants UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. IMPACT ====== A malicious or buggy frontend driver may be able to cause resource leaks from the corresponding backend driver. This can result in a host-wide Denial of Sevice (DoS). VULNERABLE SYSTEMS ================== All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. MITIGATION ========== Reconfiguring guests to use alternative (e.g. qemu-based) backends may avoid the vulnerability. Avoiding the use of persistent grants will also avoid the vulnerability. This can be achieved by passing the "feature_persistent=0" module option to the xen-blkback driver. CREDITS ======= This issue was discovered by Nicolai Stange of SUSE. RESOLUTION ========== Applying the attached patch resolves this issue. xsa371-linux.patch Linux 5.12-rc, 5.11.1 onwards, 5.10.18 onwards Linux 5.10.0 - 5.10.17, 5.11.0 Linux 4.4 - 5.9 Linux 3.11 - 4.3 $ sha256sum xsa371* 1b2472253aa82385b3eff280fa4adf52742f06813fc093f5f86cd4a3021f736c xsa371-linux.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. HOWEVER, deployment of the mitigations described above is NOT permitted during the embargo on public-facing systems with untrusted guest users and administrators. This is because such configuration changes may be recognizable by the affected guests. AND: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmBjBWYMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZbkQIAKjv5DaESSOUA8DzOk4LmBZQHIMtTsN2wF2Q0/6g 3hJ3HoGzQwul00eUem+sbAqrEKJAEGLrcWpAGlcp8jW5i+44dyHE4o4vDmUOLx/x eJGMKwhv2Xe7Us15Fh4ioOBtmO6/AH60Scbid3aZ6zlJiUEPwpotzD9Jm/nR+B/E /KRsXZ+dTIZpeke9vVXbml/nrq/xwvpAZrEGeXBg1FDUHNsGWEeqPFq2ZfygVw22 x5loXeb8cqIETuA3EJQ1fx0Ioqnh3Q85TtNTCTpZrKcrTqJX+lZTlrEn4iAaMvp1 Bp/Mu9dkFrIJaid0iwdJKk2STsROh5ZCXCOyFOo5LFvFoKE= =DlVS -----END PGP SIGNATURE-----