From xen-announce-bounces@lists.xenproject.org Tue Oct 07 15:48:50 2025 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 07 Oct 2025 15:48:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1139012.1474583 (Exim 4.92) (envelope-from ) id 1v69vK-0002NA-Hs; Tue, 07 Oct 2025 15:48:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1139012.1474583; Tue, 07 Oct 2025 15:48:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1v69vK-0002N3-Dv; Tue, 07 Oct 2025 15:48:22 +0000 Received: by outflank-mailman (input) for mailman id 1139012; Tue, 07 Oct 2025 15:42:28 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1v69pc-0001ED-Mx for xen-announce@lists.xenproject.org; Tue, 07 Oct 2025 15:42:28 +0000 Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [2a00:1450:4864:20::52b]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 388e9d89-a394-11f0-9809-7dc792cee155; Tue, 07 Oct 2025 17:42:25 +0200 (CEST) Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-62fc0b7bf62so9888375a12.2 for ; Tue, 07 Oct 2025 08:42:24 -0700 (PDT) Received: from [192.168.1.5] (user-109-243-146-38.play-internet.pl. [109.243.146.38]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-6376b3b7225sm12414502a12.16.2025.10.07.08.42.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 07 Oct 2025 08:42:23 -0700 (PDT) X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" X-Inumbo-ID: 388e9d89-a394-11f0-9809-7dc792cee155 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1759851744; x=1760456544; darn=lists.xenproject.org; h=subject:from:cc:to:content-language:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=BH2imbmcGG8YC2NKOOPrT40O2e/gZ8uDrdr2Rn9CXkM=; b=nn4Om902HuWQGCfuAfAQNdZpTqRfpjlZyC773+07N5qCUGBXgQT4ZKNtTRG3B1d4CT 5saOQ8Apxz2C7Hg8q1coYSgs6QmQzhxpyonp02d9Oe8EdCd0OzrZi2KJrTrkpHf9gQCn xLxBVwlq4jniI+n4HpBkAZnRSWzYAeK0GoJ9XiPOk4C4ibEzfKZ1VZScxQfQsBUfgUsi 0xGrOlUWIsL7tEwLglzr3FmS9NTg5crGimBL6ddQgT3xKEDsvNbeWFsy91vKJHjXjwye uOql6zTgx4KJvVFDBF6kzmaX1BK9pPacPZISRRLOIqZCpsQalWOlYRhegdno51r2YZKx ncaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759851744; x=1760456544; h=subject:from:cc:to:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BH2imbmcGG8YC2NKOOPrT40O2e/gZ8uDrdr2Rn9CXkM=; b=GF+cHnn6KBNzvC0XX/eWUmHuoOFQTb0qQHjbG8V4T7tSmSY0i/Hj1KGAOKoEzuzatD jiUV5sF8iXopnoJX31C9sfoktG3bZR7TzbVNN107S8mypLKP4i2KHNQ5X/bmaovZvldP 9W02Ox1DE6wyewOP4t3QjoAbCGKoaIsn1NdBQ6Pqo7KC/iy66DV2qMF//7fRX5rNeGj/ lDffZv6DPbOf7vaUG9iWbW3xsKfNXTQjTaVytNvnzklUUzu2yEfcRdq/jsOJ22KN/QlH eoRCLDK6bTQ3PLOU701s6TNwFo5BIltFByt/ZwYzQDp5+0A+TbWIjtUKolTgr28JiVw1 afAQ== X-Forwarded-Encrypted: i=1; AJvYcCUvRiTtGHyPFU23GS1dvODlyb9JDA04BEmvvWG7I5IyXbzbgGcKxhP8Th5O5LtFrTXjyxmEAWqiWAITFvU=@lists.xenproject.org X-Gm-Message-State: AOJu0YyY0akaUCRrLjfkrqGDDZOO6OHzHAt+sBc7ZGakuqrRAnQbS0Ks ujyMiSpmo0NltZ1c3nj+UnCOMATQ0bBuFI8jT2aIRNPAu/fLA7PxUNfd7lGKTg== X-Gm-Gg: ASbGnctWwkBO234mZs2MbhxgqTGMrFh9vKRDc3xnFwlZiPUgPkEQOncmh9jUifDbcgv hkI/9gj4vVtHk2pQx1vkbDOxNfDIVH6TA4jJBulREPISkCQxPJegs0Ys2de+M0j/tJ7BdYYbJLZ 18E4MM3aELy3YQV144lQTOStTK4kQpEfdjk6lwbV6aOp23Q9NSVnwmux8SntBuc+wlM8HE3LEpY MUSrA8aFLtVseTBFnYMiv+GsDY/mrF5hWnIwtpE+JvHAgw4vYoml1S1FwdFLk7/0cd5FxDU3As6 9iJoSAIpIzLSpkuhdWrY0N+clDu5PZvciE0+0cPjUK1c/yStjskXoT/ygcvxJGqS6scXyB/m5Mz rwoMdDHh5S8qnAGqJWHu9NwkykfV8zn1Hf7GGHalKaJO21aSIrVB0Cy+F2fLSFl3r4eYVI3iJfU UEays6bb3v23nrp/QKw8tWnHLjico7u2HmGXTDfA== X-Google-Smtp-Source: AGHT+IEDaDZMmobSFrigZoj/bc51u0nCCT+Ufn/VGhQVVVYj8ZKnFuX5ewdQ4cVkyW+PjmJvfjOrGw== X-Received: by 2002:a05:6402:1ec2:b0:62b:2f0:974f with SMTP id 4fb4d7f45d1cf-639348e4edfmr16712140a12.15.1759851743980; Tue, 07 Oct 2025 08:42:23 -0700 (PDT) Content-Type: multipart/alternative; boundary="------------QET1v2u4oLBXWmKoMaFyupyG" Message-ID: <1a7522f7-89e5-4d0d-9953-8fd4c6e86c16@gmail.com> Date: Tue, 7 Oct 2025 17:42:23 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Xen-devel Cc: xen-users@lists.xenproject.org, xen-announce@lists.xenproject.org, Community Manager , "committers@xenproject.org" From: Oleksii Kurochko Subject: [ANNOUNCEMENT] Xen 4.21.0-rc1 is tagged This is a multi-part message in MIME format. --------------QET1v2u4oLBXWmKoMaFyupyG Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello everyone, Xen 4.21 rc1 is tagged. You can check that out from xen.git: git://xenbits.xen.org/xen.git 4.21.0-rc1 For your convenience there is also a tarball and the signature at: https://downloads.xenproject.org/release/xen/4.21.0-rc1/xen-4.21.0-rc1.tar.gz And the signature is at: https://downloads.xenproject.org/release/xen/4.21.0-rc1/xen-4.21.0-rc1.tar.gz.sig Have a nice week! ~ Oleksii --------------QET1v2u4oLBXWmKoMaFyupyG Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit 
Hello everyone,

Xen 4.21 rc1 is tagged. You can check that out from xen.git:
  git://xenbits.xen.org/xen.git 4.21.0-rc1

For your convenience there is also a tarball and the signature at:
  https://downloads.xenproject.org/release/xen/4.21.0-rc1/xen-4.21.0-rc1.tar.gz

And the signature is at:
  https://downloads.xenproject.org/release/xen/4.21.0-rc1/xen-4.21.0-rc1.tar.gz.sig

Have a nice week!

~ Oleksii


--------------QET1v2u4oLBXWmKoMaFyupyG-- From xen-announce-bounces@lists.xenproject.org Tue Oct 21 12:00:52 2025 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 21 Oct 2025 12:00:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1147032.1479346 (Exim 4.92) (envelope-from ) id 1vBB2N-0005t2-Vl; Tue, 21 Oct 2025 12:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1147032.1479346; Tue, 21 Oct 2025 12:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vBB2N-0005sr-Rq; Tue, 21 Oct 2025 12:00:23 +0000 Received: by outflank-mailman (input) for mailman id 1147032; Tue, 21 Oct 2025 12:00:22 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vBB2M-0005sa-A2 for xen-announce@lists.xen.org; Tue, 21 Oct 2025 12:00:22 +0000 Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 8281166a-ae75-11f0-9d15-b5c5bf9af7f9; Tue, 21 Oct 2025 14:00:20 +0200 (CEST) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.96) (envelope-from ) id 1vBB2B-00Chk7-1N; Tue, 21 Oct 2025 12:00:11 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.96) (envelope-from ) id 1vBB2B-005gLp-1f; Tue, 21 Oct 2025 12:00:11 +0000 X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" X-Inumbo-ID: 8281166a-ae75-11f0-9d15-b5c5bf9af7f9 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.510 (Entity 5.510) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 475 v2 (CVE-2025-58147,CVE-2025-58148) - x86: Incorrect input sanitisation in Viridian hypercalls Message-Id: Date: Tue, 21 Oct 2025 12:00:11 +0000 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2025-58147,CVE-2025-58148 / XSA-475 version 2 x86: Incorrect input sanitisation in Viridian hypercalls UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs. * CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. * CVE-2025-58148. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer. IMPACT ====== A buggy or malicious guest can cause Denial of Service (DoS) affecting the entire host, information leaks, or elevation of privilege. VULNERABLE SYSTEMS ================== Xen versions 4.15 and newer are vulnerable. Versions 4.14 and older are not vulnerable. Only x86 HVM guests which have Viridian enabled can leverage the vulnerability. With the `xl` toolstack, this means any `viridian=` setting in the VM's configuration file. Note - despite: `viridian=["!hcall_remote_tlb_flush", "!hcall_ipi", "!ex_processor_masks"]` being documented to turns off the relevant functionality, this configuration does not block the relevant hypercalls. MITIGATION ========== Not enabling Viridian will avoid the issuse. CREDITS ======= This issue was discovered by Teddy Astie of Vates RESOLUTION ========== Applying the appropriate set of attached patches resolves this issue. Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches. xsa475-?.patch xen-unstable - Xen 4.20.x xsa475-4.19-?.patch Xen 4.19.x - Xen 4.17.x $ sha256sum xsa475* 25ba4933e4cf94e81d192f3ba522ec7b258c6e69015a43d169b0325e61957f42 xsa475-1.patch d012541f99c69279b30554e8ea7a7da2790aaa6ff81b0d597f305e4498391369 xsa475-2.patch 6b820b116418e6fd376b6d23ede589e4f86fea4ea775e9afb5c631ceba44d05f xsa475-4.19-1.patch f94b48392179bc08f412ead900a91299ef3a27a6dd4f5fdcf7a152fd65d3a02b xsa475-4.19-2.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches (but not mitigations) described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. This is because the mitigations are guest visible changes, and hence could give hints to users about the upcoming vulnerabilities. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmj3daEMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZnvgIAJzU/Bczr7/Gj3pIqop+rgDsoLw/PU2tGkwhumJQ 0lICxaHWlqrk8cL0y+Ll0nQV4DTwoZbhSm9Bz3S9ZKo6/Qby9YZzo0Tyt9U2OxNU YTpiYGSwrSlCs8cpfj4gwKGzEZ0nNTBTVbAa9UfqIYcvNF4j/L0Tnl6cJOZ/xNhh 8BoH02j+vCF8B8ZInutJjHhKPtrmDta0/md9R4Ydrx4OrLlAoYA4hKnkOuBWfhHg amL1aJ3vk9kNNkP6sO19Vnp5KTawnLGZwN95+FDlDGuh8n8ixKfURvZ9eK8Ycfir naItP4wBkFC9ukzlvGtkwoHPDspxKjtFTYfNvVNvoV6JOWc= =oSQZ -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa475-1.patch" Content-Disposition: attachment; filename="xsa475-1.patch" Content-Transfer-Encoding: base64 RnJvbTogVGVkZHkgQXN0aWUgPHRlZGR5LmFzdGllQHZhdGVzLnRlY2g+ClN1 YmplY3Q6IHg4Ni92aXJpZGlhbjogRW5mb3JjZSBib3VuZHMgY2hlY2sgaW4g dnBtYXNrX3NldCgpCgpDYWxsZXJzIGNhbiBwYXNzIHZwL21hc2sgdmFsdWVz IHdoaWNoIGV4Y2VlZCB0aGUgc2l6ZSBvZiB2cG1hc2stPm1hc2suICBFbnN1 cmUKd2Ugb25seSBzZXQgYml0cyB3aGljaCBhcmUgd2l0aGluIGJvdW5kcy4K ClRoaXMgaXMgWFNBLTQ3NSAvIENWRS0yMDI1LTU4MTQ3LgoKRml4ZXM6IGI0 MTI0NjgyZGI2ZSAoInZpcmlkaWFuOiBhZGQgRXhQcm9jZXNzb3JNYXNrcyB2 YXJpYW50cyBvZiB0aGUgZmx1c2ggaHlwZXJjYWxscyIpClNpZ25lZC1vZmYt Ynk6IFRlZGR5IEFzdGllIDx0ZWRkeS5hc3RpZUB2YXRlcy50ZWNoPgpSZXZp ZXdlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4 LmNvbT4KCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFu L3ZpcmlkaWFuLmMgYi94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFuL3Zpcmlk aWFuLmMKaW5kZXggYzBiZTI0YmQyMjEwLi43MDNmOWFjOGJjYzEgMTAwNjQ0 Ci0tLSBhL3hlbi9hcmNoL3g4Ni9odm0vdmlyaWRpYW4vdmlyaWRpYW4uYwor KysgYi94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFuL3ZpcmlkaWFuLmMKQEAg LTU2Miw3ICs1NjIsOCBAQCBzdGF0aWMgdm9pZCB2cG1hc2tfc2V0KHN0cnVj dCBoeXBlcmNhbGxfdnBtYXNrICp2cG1hc2ssIHVuc2lnbmVkIGludCB2cCwK IAogICAgICAgICBpZiAoIG1hc2sgJiAxICkKICAgICAgICAgewotICAgICAg ICAgICAgQVNTRVJUKHZwIDwgSFZNX01BWF9WQ1BVUyk7CisgICAgICAgICAg ICBpZiAoIHZwID49IEhWTV9NQVhfVkNQVVMgKQorICAgICAgICAgICAgICAg IGJyZWFrOwogICAgICAgICAgICAgX19zZXRfYml0KHZwLCB2cG1hc2stPm1h c2spOwogICAgICAgICB9CiAK --=separator Content-Type: application/octet-stream; name="xsa475-2.patch" Content-Disposition: attachment; filename="xsa475-2.patch" Content-Transfer-Encoding: base64 RnJvbTogVGVkZHkgQXN0aWUgPHRlZGR5LmFzdGllQHZhdGVzLnRlY2g+ClN1 YmplY3Q6IHg4Ni92aXJpZGlhbjogRW5mb3JjZSBib3VuZHMgY2hlY2sgaW4g c2VuZF9pcGkoKQoKQ2FsbGVycyBjYW4gcGFzcyBpbiBhIHZwbWFzayB3aGlj aCBleGNlZWRzIGQtPm1heF92Y3B1cy4gIFByZXZlbnQgb3V0LW9mLWJvdW5k CnJlYWRzIG9mIGQtPnZjcHVbXS4KClRoaXMgaXMgWFNBLTQ3NSAvIENWRS0y MDI1LTU4MTQ4LgoKRml4ZXM6IDcyOGFjYmExYmE0YSAoInZpcmlkaWFuOiB1 c2UgaHlwZXJjYWxsX3ZwbWFzayBpbiBodmNhbGxfaXBpKCkiKQpTaWduZWQt b2ZmLWJ5OiBUZWRkeSBBc3RpZSA8dGVkZHkuYXN0aWVAdmF0ZXMudGVjaD4K UmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNp dHJpeC5jb20+CgpkaWZmIC0tZ2l0IGEveGVuL2FyY2gveDg2L2h2bS92aXJp ZGlhbi92aXJpZGlhbi5jIGIveGVuL2FyY2gveDg2L2h2bS92aXJpZGlhbi92 aXJpZGlhbi5jCmluZGV4IDcwM2Y5YWM4YmNjMS4uZjc5Y2ZmY2IzNzY3IDEw MDY0NAotLS0gYS94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFuL3ZpcmlkaWFu LmMKKysrIGIveGVuL2FyY2gveDg2L2h2bS92aXJpZGlhbi92aXJpZGlhbi5j CkBAIC01NzcsMjYgKzU3Nyw2IEBAIHN0YXRpYyB2b2lkIHZwbWFza19maWxs KHN0cnVjdCBoeXBlcmNhbGxfdnBtYXNrICp2cG1hc2spCiAgICAgYml0bWFw X2ZpbGwodnBtYXNrLT5tYXNrLCBIVk1fTUFYX1ZDUFVTKTsKIH0KIAotc3Rh dGljIHVuc2lnbmVkIGludCB2cG1hc2tfZmlyc3QoY29uc3Qgc3RydWN0IGh5 cGVyY2FsbF92cG1hc2sgKnZwbWFzaykKLXsKLSAgICByZXR1cm4gZmluZF9m aXJzdF9iaXQodnBtYXNrLT5tYXNrLCBIVk1fTUFYX1ZDUFVTKTsKLX0KLQot c3RhdGljIHVuc2lnbmVkIGludCB2cG1hc2tfbmV4dChjb25zdCBzdHJ1Y3Qg aHlwZXJjYWxsX3ZwbWFzayAqdnBtYXNrLAotICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB1bnNpZ25lZCBpbnQgdnApCi17Ci0gICAgLyoKLSAg ICAgKiBJZiB2cCArIDEgPiBIVk1fTUFYX1ZDUFVTIHRoZW4gZmluZF9uZXh0 X2JpdCgpIHdpbGwgcmV0dXJuCi0gICAgICogSFZNX01BWF9WQ1BVUywgZW5z dXJpbmcgdGhlIGZvcl9lYWNoX3ZwICggLi4uICkgbG9vcCB0ZXJtaW5hdGVz LgotICAgICAqLwotICAgIHJldHVybiBmaW5kX25leHRfYml0KHZwbWFzay0+ bWFzaywgSFZNX01BWF9WQ1BVUywgdnAgKyAxKTsKLX0KLQotI2RlZmluZSBm b3JfZWFjaF92cCh2cG1hc2ssIHZwKSBcCi0JZm9yICggKHZwKSA9IHZwbWFz a19maXJzdCh2cG1hc2spOyBcCi0JICAgICAgKHZwKSA8IEhWTV9NQVhfVkNQ VVM7IFwKLQkgICAgICAodnApID0gdnBtYXNrX25leHQodnBtYXNrLCB2cCkg KQotCiBzdGF0aWMgdW5zaWduZWQgaW50IHZwbWFza19ucihjb25zdCBzdHJ1 Y3QgaHlwZXJjYWxsX3ZwbWFzayAqdnBtYXNrKQogewogICAgIHJldHVybiBi aXRtYXBfd2VpZ2h0KHZwbWFzay0+bWFzaywgSFZNX01BWF9WQ1BVUyk7CkBA IC04MTMsNyArNzkzLDcgQEAgc3RhdGljIHZvaWQgc2VuZF9pcGkoc3RydWN0 IGh5cGVyY2FsbF92cG1hc2sgKnZwbWFzaywgdWludDhfdCB2ZWN0b3IpCiAg ICAgaWYgKCBuciA+IDEgKQogICAgICAgICBjcHVfcmFpc2Vfc29mdGlycV9i YXRjaF9iZWdpbigpOwogCi0gICAgZm9yX2VhY2hfdnAgKCB2cG1hc2ssIHZw ICkKKyAgICBiaXRtYXBfZm9yX2VhY2ggKCB2cCwgdnBtYXNrLT5tYXNrLCBj dXJyZC0+bWF4X3ZjcHVzICkKICAgICB7CiAgICAgICAgIHN0cnVjdCB2bGFw aWMgKnZsYXBpYyA9IHZjcHVfdmxhcGljKGN1cnJkLT52Y3B1W3ZwXSk7CiAK --=separator Content-Type: application/octet-stream; name="xsa475-4.19-1.patch" Content-Disposition: attachment; filename="xsa475-4.19-1.patch" Content-Transfer-Encoding: base64 RnJvbTogVGVkZHkgQXN0aWUgPHRlZGR5LmFzdGllQHZhdGVzLnRlY2g+ClN1 YmplY3Q6IHg4Ni92aXJpZGlhbjogRW5mb3JjZSBib3VuZHMgY2hlY2sgaW4g dnBtYXNrX3NldCgpCgpDYWxsZXJzIGNhbiBwYXNzIHZwL21hc2sgdmFsdWVz IHdoaWNoIGV4Y2VlZCB0aGUgc2l6ZSBvZiB2cG1hc2stPm1hc2suICBFbnN1 cmUKd2Ugb25seSBzZXQgYml0cyB3aGljaCBhcmUgd2l0aGluIGJvdW5kcy4K ClRoaXMgaXMgWFNBLTQ3NSAvIENWRS0yMDI1LTU4MTQ3LgoKRml4ZXM6IGI0 MTI0NjgyZGI2ZSAoInZpcmlkaWFuOiBhZGQgRXhQcm9jZXNzb3JNYXNrcyB2 YXJpYW50cyBvZiB0aGUgZmx1c2ggaHlwZXJjYWxscyIpClNpZ25lZC1vZmYt Ynk6IFRlZGR5IEFzdGllIDx0ZWRkeS5hc3RpZUB2YXRlcy50ZWNoPgpSZXZp ZXdlZC1ieTogQW5kcmV3IENvb3BlciA8YW5kcmV3LmNvb3BlcjNAY2l0cml4 LmNvbT4KCmRpZmYgLS1naXQgYS94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFu L3ZpcmlkaWFuLmMgYi94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFuL3Zpcmlk aWFuLmMKaW5kZXggYTQxYTcwZTM3YTI5Li40MWU5M2VmMjBmYjIgMTAwNjQ0 Ci0tLSBhL3hlbi9hcmNoL3g4Ni9odm0vdmlyaWRpYW4vdmlyaWRpYW4uYwor KysgYi94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFuL3ZpcmlkaWFuLmMKQEAg LTU2Miw3ICs1NjIsOCBAQCBzdGF0aWMgdm9pZCB2cG1hc2tfc2V0KHN0cnVj dCBoeXBlcmNhbGxfdnBtYXNrICp2cG1hc2ssIHVuc2lnbmVkIGludCB2cCwK IAogICAgICAgICBpZiAoIG1hc2sgJiAxICkKICAgICAgICAgewotICAgICAg ICAgICAgQVNTRVJUKHZwIDwgSFZNX01BWF9WQ1BVUyk7CisgICAgICAgICAg ICBpZiAoIHZwID49IEhWTV9NQVhfVkNQVVMgKQorICAgICAgICAgICAgICAg IGJyZWFrOwogICAgICAgICAgICAgX19zZXRfYml0KHZwLCB2cG1hc2stPm1h c2spOwogICAgICAgICB9CiAK --=separator Content-Type: application/octet-stream; name="xsa475-4.19-2.patch" Content-Disposition: attachment; filename="xsa475-4.19-2.patch" Content-Transfer-Encoding: base64 RnJvbTogVGVkZHkgQXN0aWUgPHRlZGR5LmFzdGllQHZhdGVzLnRlY2g+ClN1 YmplY3Q6IHg4Ni92aXJpZGlhbjogRW5mb3JjZSBib3VuZHMgY2hlY2sgaW4g c2VuZF9pcGkoKQoKQ2FsbGVycyBjYW4gcGFzcyBpbiBhIHZwbWFzayB3aGlj aCBleGNlZWRzIGQtPm1heF92Y3B1cy4gIFByZXZlbnQgb3V0LW9mLWJvdW5k CnJlYWRzIG9mIGQtPnZjcHVbXS4KClRoaXMgaXMgWFNBLTQ3NSAvIENWRS0y MDI1LTU4MTQ4LgoKRml4ZXM6IDcyOGFjYmExYmE0YSAoInZpcmlkaWFuOiB1 c2UgaHlwZXJjYWxsX3ZwbWFzayBpbiBodmNhbGxfaXBpKCkiKQpTaWduZWQt b2ZmLWJ5OiBUZWRkeSBBc3RpZSA8dGVkZHkuYXN0aWVAdmF0ZXMudGVjaD4K UmV2aWV3ZWQtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNp dHJpeC5jb20+CgpkaWZmIC0tZ2l0IGEveGVuL2FyY2gveDg2L2h2bS92aXJp ZGlhbi92aXJpZGlhbi5jIGIveGVuL2FyY2gveDg2L2h2bS92aXJpZGlhbi92 aXJpZGlhbi5jCmluZGV4IDQxZTkzZWYyMGZiMi4uZDQ1NzUxMzY1ZmRlIDEw MDY0NAotLS0gYS94ZW4vYXJjaC94ODYvaHZtL3ZpcmlkaWFuL3ZpcmlkaWFu LmMKKysrIGIveGVuL2FyY2gveDg2L2h2bS92aXJpZGlhbi92aXJpZGlhbi5j CkBAIC01NzcsMjYgKzU3Nyw2IEBAIHN0YXRpYyB2b2lkIHZwbWFza19maWxs KHN0cnVjdCBoeXBlcmNhbGxfdnBtYXNrICp2cG1hc2spCiAgICAgYml0bWFw X2ZpbGwodnBtYXNrLT5tYXNrLCBIVk1fTUFYX1ZDUFVTKTsKIH0KIAotc3Rh dGljIHVuc2lnbmVkIGludCB2cG1hc2tfZmlyc3QoY29uc3Qgc3RydWN0IGh5 cGVyY2FsbF92cG1hc2sgKnZwbWFzaykKLXsKLSAgICByZXR1cm4gZmluZF9m aXJzdF9iaXQodnBtYXNrLT5tYXNrLCBIVk1fTUFYX1ZDUFVTKTsKLX0KLQot c3RhdGljIHVuc2lnbmVkIGludCB2cG1hc2tfbmV4dChjb25zdCBzdHJ1Y3Qg aHlwZXJjYWxsX3ZwbWFzayAqdnBtYXNrLAotICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB1bnNpZ25lZCBpbnQgdnApCi17Ci0gICAgLyoKLSAg ICAgKiBJZiB2cCArIDEgPiBIVk1fTUFYX1ZDUFVTIHRoZW4gZmluZF9uZXh0 X2JpdCgpIHdpbGwgcmV0dXJuCi0gICAgICogSFZNX01BWF9WQ1BVUywgZW5z dXJpbmcgdGhlIGZvcl9lYWNoX3ZwICggLi4uICkgbG9vcCB0ZXJtaW5hdGVz LgotICAgICAqLwotICAgIHJldHVybiBmaW5kX25leHRfYml0KHZwbWFzay0+ bWFzaywgSFZNX01BWF9WQ1BVUywgdnAgKyAxKTsKLX0KLQotI2RlZmluZSBm b3JfZWFjaF92cCh2cG1hc2ssIHZwKSBcCi0JZm9yICggKHZwKSA9IHZwbWFz a19maXJzdCh2cG1hc2spOyBcCi0JICAgICAgKHZwKSA8IEhWTV9NQVhfVkNQ VVM7IFwKLQkgICAgICAodnApID0gdnBtYXNrX25leHQodnBtYXNrLCB2cCkg KQotCiBzdGF0aWMgdW5zaWduZWQgaW50IHZwbWFza19ucihjb25zdCBzdHJ1 Y3QgaHlwZXJjYWxsX3ZwbWFzayAqdnBtYXNrKQogewogICAgIHJldHVybiBi aXRtYXBfd2VpZ2h0KHZwbWFzay0+bWFzaywgSFZNX01BWF9WQ1BVUyk7CkBA IC04MTMsNyArNzkzLDcgQEAgc3RhdGljIHZvaWQgc2VuZF9pcGkoc3RydWN0 IGh5cGVyY2FsbF92cG1hc2sgKnZwbWFzaywgdWludDhfdCB2ZWN0b3IpCiAg ICAgaWYgKCBuciA+IDEgKQogICAgICAgICBjcHVfcmFpc2Vfc29mdGlycV9i YXRjaF9iZWdpbigpOwogCi0gICAgZm9yX2VhY2hfdnAgKCB2cG1hc2ssIHZw ICkKKyAgICBmb3JfZWFjaF9zZXRfYml0ICggdnAsIHZwbWFzay0+bWFzaywg Y3VycmQtPm1heF92Y3B1cyApCiAgICAgewogICAgICAgICBzdHJ1Y3Qgdmxh cGljICp2bGFwaWMgPSB2Y3B1X3ZsYXBpYyhjdXJyZC0+dmNwdVt2cF0pOwog Cg== --=separator-- From xen-announce-bounces@lists.xenproject.org Fri Oct 24 12:14:57 2025 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 24 Oct 2025 12:14:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1150121.1481382 (Exim 4.92) (envelope-from ) id 1vCGgk-0006iT-Ug; Fri, 24 Oct 2025 12:14:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1150121.1481382; Fri, 24 Oct 2025 12:14:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vCGgk-0006iL-Pu; Fri, 24 Oct 2025 12:14:34 +0000 Received: by outflank-mailman (input) for mailman id 1150121; Fri, 24 Oct 2025 12:14:33 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vCGgi-0006Wk-Vt for xen-announce@lists.xen.org; Fri, 24 Oct 2025 12:14:33 +0000 Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id f6d9b689-b0d2-11f0-980a-7dc792cee155; Fri, 24 Oct 2025 14:14:19 +0200 (CEST) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.96) (envelope-from ) id 1vCGgP-00HRHW-0s; Fri, 24 Oct 2025 12:14:13 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.96) (envelope-from ) id 1vCGgP-00EOqt-1K; Fri, 24 Oct 2025 12:14:13 +0000 X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" X-Inumbo-ID: f6d9b689-b0d2-11f0-980a-7dc792cee155 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.510 (Entity 5.510) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 476 v1 (CVE-2025-58149) - Incorrect removal of permissions on PCI device unplug Message-Id: Date: Fri, 24 Oct 2025 12:14:13 +0000 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2025-58149 / XSA-476 Incorrect removal of permissions on PCI device unplug ISSUE DESCRIPTION ================= When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allows the domain itself to map the memory in the page-tables. For HVM it would require a compromised device model or stubdomain to map the leaked memory into the HVM domain p2m. IMPACT ====== A buggy or malicious PV guest can access memory of PCI devices no longer assigned to it. VULNERABLE SYSTEMS ================== Xen versions 4.0 and newer are vulnerable. Only PV guests with PCI passthrough devices can leverage the vulnerability. Only domains whose PCI devices are managed by the libxl library are affected. This includes the xl toolstack and xapi, which uses the xl toolstack when dealing with PCI devices. HVM guests are also affected, but accessing the leaked memory requires an additional compromised component on the system. MITIGATION ========== Not doing hot unplug of PCI devices will avoid the vulnerability. Passing through PCI devices to HVM domains only will also limit the impact, as an attacker would require another compromised component to exploit it. CREDITS ======= This issue was discovered by Jiqian Chen of AMD and diagnosed as a security issue by Roger Pau Monné of XenServer. RESOLUTION ========== Applying the attached patch resolves this issue. Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches. xsa476.patch xen-unstable xsa476-4.20.patch Xen 4.20.x - Xen 4.18.x xsa476-4.17.patch Xen 4.17.x $ sha256sum xsa476* ee4c2fa73d38c5c699006b6317ba53f20343af0593ff9a8c38e7e59b69a0beca xsa476.patch 3b921545f023dc7d9d943d0d661e677711458a917630de14f0871b03db0f2148 xsa476-4.17.patch 5babfaa3680de9950d3391a78e4956b5c18d54eaac9938c6cde2433a2ad3f27d xsa476-4.20.patch $ NOTE REGARDING LACK OF EMBARGO ============================== This issue was discussed in public already. -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmj7bXYMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZEIEH/ApNvYmMcqqEyOMgGV/VVmEMcXsAy1Ps3rMdDe9U YLsa7ugJLQ/kMI70y0qzws8Uc/kVftl6Z3NbvhpnBMdpurEbZnVuuPtV5I08BF7G 23Qij+NNXSFdUzZVtgqz+POuhpVmrZgEwmg2HXsL1h2KgirUgwh5Nbs4ZuAlbz/f 05tiljIdv4ntqz8sczUxUmtw3XuzcTu0GS8EtPSoAEC5paK72X+5i496qDKpgtqv gdnxqDL2s5ue3G029e9JA3pscVQTMYa3InNiHK28GAM2BW10op1JaxVl/JLN1zzL igpd+u6Fs73qNzcClXQ48YEBkCoTTIdhIrl0mSp4zTfN9dk= =MBxa -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa476.patch" Content-Disposition: attachment; filename="xsa476.patch" Content-Transfer-Encoding: base64 RnJvbTogSmlxaWFuIENoZW4gPEppcWlhbi5DaGVuQGFtZC5jb20+ClN1Ympl Y3Q6IHRvb2xzL2xpYnMvbGlnaHQ6IGZpeCBCQVIgbWVtb3J5IGFkZHJlc3Mg dHJ1bmNhdGlvbgoKNjQtYml0IEJBUiBtZW1vcnkgYWRkcmVzcyBpcyB0cnVu Y2F0ZWQgd2hlbiByZW1vdmluZyBhIHBhc3N0aHJvdWdoCnBjaSBkZXZpY2Ug ZnJvbSBndWVzdCBzaW5jZSBpdCB1c2VzICJ1bnNpZ25lZCBpbnQiLgoKU28s IGNoYW5nZSB0byB1c2UgNjQtYml0IHR5cGUgdG8gZml4IHRoaXMgcHJvYmxl bS4KClRoaXMgaXMgWFNBLTQ3NiAvIENWRS0yMDI1LTU4MTQ5LgoKRml4ZXM6 IGIwYTFhZjYxNjc4YiAoImxpYnhlbmxpZ2h0OiBpbXBsZW1lbnQgcGNpIHBh c3N0aHJvdWdoIikKU2lnbmVkLW9mZi1ieTogSmlxaWFuIENoZW4gPEppcWlh bi5DaGVuQGFtZC5jb20+ClJlbGVhc2UtQWNrZWQtYnk6IE9sZWtzaWkgS3Vy b2Noa28gPG9sZWtzaWkua3Vyb2Noa29AZ21haWwuY29tPgpSZXZpZXdlZC1i eTogSnVlcmdlbiBHcm9zcyA8amdyb3NzQHN1c2UuY29tPgpBY2tlZC1ieTog QW50aG9ueSBQRVJBUkQgPGFudGhvbnkucGVyYXJkQHZhdGVzLnRlY2g+Cgpk aWZmIC0tZ2l0IGEvdG9vbHMvbGlicy9saWdodC9saWJ4bF9wY2kuYyBiL3Rv b2xzL2xpYnMvbGlnaHQvbGlieGxfcGNpLmMKaW5kZXggMmVhMmNhZWI2NjI0 Li40OWQyNzJkMGRlNjUgMTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnMvbGlnaHQv bGlieGxfcGNpLmMKKysrIGIvdG9vbHMvbGlicy9saWdodC9saWJ4bF9wY2ku YwpAQCAtMjAwMSw3ICsyMDAxLDggQEAgc3RhdGljIHZvaWQgcGNpX3JlbW92 ZV9kZXRhY2hlZChsaWJ4bF9fZWdjICplZ2MsCiB7CiAgICAgU1RBVEVfQU9f R0MocHJzLT5hb2Rldi0+YW8pOwogICAgIGxpYnhsX2N0eCAqY3R4ID0gbGli eGxfX2djX293bmVyKGdjKTsKLSAgICB1bnNpZ25lZCBpbnQgc3RhcnQgPSAw LCBlbmQgPSAwLCBmbGFncyA9IDAsIHNpemUgPSAwLCBpcnEgPSAwOworICAg IHVpbnQ2NF90IHN0YXJ0ID0gMCwgZW5kID0gMCwgZmxhZ3MgPSAwLCBzaXpl ID0gMDsKKyAgICB1bnNpZ25lZCBpbnQgaXJxID0gMDsKICAgICBpbnQgaSwg c3R1YmRvbWlkID0gMDsKICAgICBjb25zdCBjaGFyICpzeXNmc19wYXRoOwog ICAgIEZJTEUgKmY7CkBAIC0yMDMxLDcgKzIwMzIsOCBAQCBzdGF0aWMgdm9p ZCBwY2lfcmVtb3ZlX2RldGFjaGVkKGxpYnhsX19lZ2MgKmVnYywKICAgICB9 CiAKICAgICBmb3IgKGkgPSAwOyBpIDwgUFJPQ19QQ0lfTlVNX1JFU09VUkNF UzsgaSsrKSB7Ci0gICAgICAgIGlmIChmc2NhbmYoZiwgIjB4JXggMHgleCAw eCV4XG4iLCAmc3RhcnQsICZlbmQsICZmbGFncykgIT0gMykKKyAgICAgICAg aWYgKGZzY2FuZihmLCAiMHglIlNDTng2NCIgMHglIlNDTng2NCIgMHglIlND Tng2NCJcbiIsCisgICAgICAgICAgICAgICAgICAgJnN0YXJ0LCAmZW5kLCAm ZmxhZ3MpICE9IDMpCiAgICAgICAgICAgICBjb250aW51ZTsKICAgICAgICAg c2l6ZSA9IGVuZCAtIHN0YXJ0ICsgMTsKICAgICAgICAgaWYgKHN0YXJ0KSB7 CkBAIC0yMDQwLDcgKzIwNDIsNyBAQCBzdGF0aWMgdm9pZCBwY2lfcmVtb3Zl X2RldGFjaGVkKGxpYnhsX19lZ2MgKmVnYywKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplLCAwKTsKICAg ICAgICAgICAgICAgICBpZiAocmMgPCAwKQogICAgICAgICAgICAgICAgICAg ICBMT0dFRChFUlJPUiwgZG9taWQsCi0gICAgICAgICAgICAgICAgICAgICAg ICAgICJ4Y19kb21haW5faW9wb3J0X3Blcm1pc3Npb24gZXJyb3IgMHgleC8w eCV4IiwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgInhjX2RvbWFpbl9p b3BvcnRfcGVybWlzc2lvbiBlcnJvciAlIyJQUkl4NjQiLyUjIlBSSXg2NCwK ICAgICAgICAgICAgICAgICAgICAgICAgICAgc3RhcnQsCiAgICAgICAgICAg ICAgICAgICAgICAgICAgIHNpemUpOwogICAgICAgICAgICAgfSBlbHNlIHsK QEAgLTIwNTAsNyArMjA1Miw3IEBAIHN0YXRpYyB2b2lkIHBjaV9yZW1vdmVf ZGV0YWNoZWQobGlieGxfX2VnYyAqZWdjLAogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgMCk7CiAgICAgICAgICAg ICAgICAgaWYgKHJjIDwgMCkKICAgICAgICAgICAgICAgICAgICAgTE9HRUQo RVJST1IsIGRvbWlkLAotICAgICAgICAgICAgICAgICAgICAgICAgICAieGNf ZG9tYWluX2lvbWVtX3Blcm1pc3Npb24gZXJyb3IgMHgleC8weCV4IiwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgInhjX2RvbWFpbl9pb21lbV9wZXJt aXNzaW9uIGVycm9yICUjIlBSSXg2NCIvJSMiUFJJeDY0LAogICAgICAgICAg ICAgICAgICAgICAgICAgICBzdGFydCwKICAgICAgICAgICAgICAgICAgICAg ICAgICAgc2l6ZSk7CiAgICAgICAgICAgICB9Cg== --=separator Content-Type: application/octet-stream; name="xsa476-4.17.patch" Content-Disposition: attachment; filename="xsa476-4.17.patch" Content-Transfer-Encoding: base64 RnJvbTogSmlxaWFuIENoZW4gPEppcWlhbi5DaGVuQGFtZC5jb20+ClN1Ympl Y3Q6IHRvb2xzL2xpYnMvbGlnaHQ6IGZpeCBCQVIgbWVtb3J5IGFkZHJlc3Mg dHJ1bmNhdGlvbgoKNjQtYml0IEJBUiBtZW1vcnkgYWRkcmVzcyBpcyB0cnVu Y2F0ZWQgd2hlbiByZW1vdmluZyBhIHBhc3N0aHJvdWdoCnBjaSBkZXZpY2Ug ZnJvbSBndWVzdCBzaW5jZSBpdCB1c2VzICJ1bnNpZ25lZCBpbnQiLgoKU28s IGNoYW5nZSB0byB1c2UgNjQtYml0IHR5cGUgdG8gZml4IHRoaXMgcHJvYmxl bS4KClRoaXMgaXMgWFNBLTQ3NiAvIENWRS0yMDI1LTU4MTQ5LgoKRml4ZXM6 IGIwYTFhZjYxNjc4YiAoImxpYnhlbmxpZ2h0OiBpbXBsZW1lbnQgcGNpIHBh c3N0aHJvdWdoIikKU2lnbmVkLW9mZi1ieTogSmlxaWFuIENoZW4gPEppcWlh bi5DaGVuQGFtZC5jb20+ClJlbGVhc2UtQWNrZWQtYnk6IE9sZWtzaWkgS3Vy b2Noa28gPG9sZWtzaWkua3Vyb2Noa29AZ21haWwuY29tPgpSZXZpZXdlZC1i eTogSnVlcmdlbiBHcm9zcyA8amdyb3NzQHN1c2UuY29tPgpBY2tlZC1ieTog QW50aG9ueSBQRVJBUkQgPGFudGhvbnkucGVyYXJkQHZhdGVzLnRlY2g+Cgpk aWZmIC0tZ2l0IGEvdG9vbHMvbGlicy9saWdodC9saWJ4bF9wY2kuYyBiL3Rv b2xzL2xpYnMvbGlnaHQvbGlieGxfcGNpLmMKaW5kZXggZjRjNGYxNzU0NTRk Li4zN2UyZTI2MjQ3N2UgMTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnMvbGlnaHQv bGlieGxfcGNpLmMKKysrIGIvdG9vbHMvbGlicy9saWdodC9saWJ4bF9wY2ku YwpAQCAtMTk5NSw3ICsxOTk1LDcgQEAgc3RhdGljIHZvaWQgZG9fcGNpX3Jl bW92ZShsaWJ4bF9fZWdjICplZ2MsIHBjaV9yZW1vdmVfc3RhdGUgKnBycykK ICAgICAgICAgY2hhciAqc3lzZnNfcGF0aCA9IEdDU1BSSU5URihTWVNGU19Q Q0lfREVWIi8iUENJX0JERiIvcmVzb3VyY2UiLCBwY2ktPmRvbWFpbiwKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwY2ktPmJ1cywg cGNpLT5kZXYsIHBjaS0+ZnVuYyk7CiAgICAgICAgIEZJTEUgKmYgPSBmb3Bl bihzeXNmc19wYXRoLCAiciIpOwotICAgICAgICB1bnNpZ25lZCBpbnQgc3Rh cnQgPSAwLCBlbmQgPSAwLCBmbGFncyA9IDAsIHNpemUgPSAwOworICAgICAg ICB1aW50NjRfdCBzdGFydCA9IDAsIGVuZCA9IDAsIGZsYWdzID0gMCwgc2l6 ZSA9IDA7CiAgICAgICAgIGludCBpcnEgPSAwOwogICAgICAgICBpbnQgaTsK IApAQCAtMjAwNCw3ICsyMDA0LDggQEAgc3RhdGljIHZvaWQgZG9fcGNpX3Jl bW92ZShsaWJ4bF9fZWdjICplZ2MsIHBjaV9yZW1vdmVfc3RhdGUgKnBycykK ICAgICAgICAgICAgIGdvdG8gc2tpcDE7CiAgICAgICAgIH0KICAgICAgICAg Zm9yIChpID0gMDsgaSA8IFBST0NfUENJX05VTV9SRVNPVVJDRVM7IGkrKykg ewotICAgICAgICAgICAgaWYgKGZzY2FuZihmLCAiMHgleCAweCV4IDB4JXhc biIsICZzdGFydCwgJmVuZCwgJmZsYWdzKSAhPSAzKQorICAgICAgICAgICAg aWYgKGZzY2FuZihmLCAiMHglIlNDTng2NCIgMHglIlNDTng2NCIgMHglIlND Tng2NCJcbiIsCisgICAgICAgICAgICAgICAgICAgICAgICZzdGFydCwgJmVu ZCwgJmZsYWdzKSAhPSAzKQogICAgICAgICAgICAgICAgIGNvbnRpbnVlOwog ICAgICAgICAgICAgc2l6ZSA9IGVuZCAtIHN0YXJ0ICsgMTsKICAgICAgICAg ICAgIGlmIChzdGFydCkgewpAQCAtMjAxMiw3ICsyMDEzLDcgQEAgc3RhdGlj IHZvaWQgZG9fcGNpX3JlbW92ZShsaWJ4bF9fZWdjICplZ2MsIHBjaV9yZW1v dmVfc3RhdGUgKnBycykKICAgICAgICAgICAgICAgICAgICAgcmMgPSB4Y19k b21haW5faW9wb3J0X3Blcm1pc3Npb24oY3R4LT54Y2gsIGRvbWlkLCBzdGFy dCwgc2l6ZSwgMCk7CiAgICAgICAgICAgICAgICAgICAgIGlmIChyYyA8IDAp CiAgICAgICAgICAgICAgICAgICAgICAgICBMT0dFRChFUlJPUiwgZG9tYWlu aWQsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieGNfZG9tYWlu X2lvcG9ydF9wZXJtaXNzaW9uIGVycm9yIDB4JXgvMHgleCIsCisgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAieGNfZG9tYWluX2lvcG9ydF9wZXJt aXNzaW9uIGVycm9yICUjIlBSSXg2NCIvJSMiUFJJeDY0LAogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgc3RhcnQsCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBzaXplKTsKICAgICAgICAgICAgICAgICB9IGVsc2Ug ewpAQCAtMjAyMCw3ICsyMDIxLDcgQEAgc3RhdGljIHZvaWQgZG9fcGNpX3Jl bW92ZShsaWJ4bF9fZWdjICplZ2MsIHBjaV9yZW1vdmVfc3RhdGUgKnBycykK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAoc2l6ZSsoWENfUEFHRV9TSVpFLTEpKT4+WENfUEFHRV9TSElG VCwgMCk7CiAgICAgICAgICAgICAgICAgICAgIGlmIChyYyA8IDApCiAgICAg ICAgICAgICAgICAgICAgICAgICBMT0dFRChFUlJPUiwgZG9tYWluaWQsCi0g ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAieGNfZG9tYWluX2lvbWVt X3Blcm1pc3Npb24gZXJyb3IgMHgleC8weCV4IiwKKyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICJ4Y19kb21haW5faW9tZW1fcGVybWlzc2lvbiBl cnJvciAlIyJQUkl4NjQiLyUjIlBSSXg2NCwKICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHN0YXJ0LAogICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgc2l6ZSk7CiAgICAgICAgICAgICAgICAgfQo= --=separator Content-Type: application/octet-stream; name="xsa476-4.20.patch" Content-Disposition: attachment; filename="xsa476-4.20.patch" Content-Transfer-Encoding: base64 RnJvbTogSmlxaWFuIENoZW4gPEppcWlhbi5DaGVuQGFtZC5jb20+ClN1Ympl Y3Q6IHRvb2xzL2xpYnMvbGlnaHQ6IGZpeCBCQVIgbWVtb3J5IGFkZHJlc3Mg dHJ1bmNhdGlvbgoKNjQtYml0IEJBUiBtZW1vcnkgYWRkcmVzcyBpcyB0cnVu Y2F0ZWQgd2hlbiByZW1vdmluZyBhIHBhc3N0aHJvdWdoCnBjaSBkZXZpY2Ug ZnJvbSBndWVzdCBzaW5jZSBpdCB1c2VzICJ1bnNpZ25lZCBpbnQiLgoKU28s IGNoYW5nZSB0byB1c2UgNjQtYml0IHR5cGUgdG8gZml4IHRoaXMgcHJvYmxl bS4KClRoaXMgaXMgWFNBLTQ3NiAvIENWRS0yMDI1LTU4MTQ5LgoKRml4ZXM6 IGIwYTFhZjYxNjc4YiAoImxpYnhlbmxpZ2h0OiBpbXBsZW1lbnQgcGNpIHBh c3N0aHJvdWdoIikKU2lnbmVkLW9mZi1ieTogSmlxaWFuIENoZW4gPEppcWlh bi5DaGVuQGFtZC5jb20+ClJlbGVhc2UtQWNrZWQtYnk6IE9sZWtzaWkgS3Vy b2Noa28gPG9sZWtzaWkua3Vyb2Noa29AZ21haWwuY29tPgpSZXZpZXdlZC1i eTogSnVlcmdlbiBHcm9zcyA8amdyb3NzQHN1c2UuY29tPgpBY2tlZC1ieTog QW50aG9ueSBQRVJBUkQgPGFudGhvbnkucGVyYXJkQHZhdGVzLnRlY2g+Cgpk aWZmIC0tZ2l0IGEvdG9vbHMvbGlicy9saWdodC9saWJ4bF9wY2kuYyBiL3Rv b2xzL2xpYnMvbGlnaHQvbGlieGxfcGNpLmMKaW5kZXggMTY0N2ZkNmY0NzU2 Li43YWY2MDIyMjRhYmEgMTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnMvbGlnaHQv bGlieGxfcGNpLmMKKysrIGIvdG9vbHMvbGlicy9saWdodC9saWJ4bF9wY2ku YwpAQCAtMjE3OSw3ICsyMTc5LDcgQEAgc3RhdGljIHZvaWQgcGNpX3JlbW92 ZV9kZXRhY2hlZChsaWJ4bF9fZWdjICplZ2MsCiB7CiAgICAgU1RBVEVfQU9f R0MocHJzLT5hb2Rldi0+YW8pOwogICAgIGxpYnhsX2N0eCAqY3R4ID0gbGli eGxfX2djX293bmVyKGdjKTsKLSAgICB1bnNpZ25lZCBpbnQgc3RhcnQgPSAw LCBlbmQgPSAwLCBmbGFncyA9IDAsIHNpemUgPSAwOworICAgIHVpbnQ2NF90 IHN0YXJ0ID0gMCwgZW5kID0gMCwgZmxhZ3MgPSAwLCBzaXplID0gMDsKICAg ICBpbnQgIGlycSA9IDAsIGksIHN0dWJkb21pZCA9IDA7CiAgICAgY29uc3Qg Y2hhciAqc3lzZnNfcGF0aDsKICAgICBGSUxFICpmOwpAQCAtMjIwOSw3ICsy MjA5LDggQEAgc3RhdGljIHZvaWQgcGNpX3JlbW92ZV9kZXRhY2hlZChsaWJ4 bF9fZWdjICplZ2MsCiAgICAgfQogCiAgICAgZm9yIChpID0gMDsgaSA8IFBS T0NfUENJX05VTV9SRVNPVVJDRVM7IGkrKykgewotICAgICAgICBpZiAoZnNj YW5mKGYsICIweCV4IDB4JXggMHgleFxuIiwgJnN0YXJ0LCAmZW5kLCAmZmxh Z3MpICE9IDMpCisgICAgICAgIGlmIChmc2NhbmYoZiwgIjB4JSJTQ054NjQi IDB4JSJTQ054NjQiIDB4JSJTQ054NjQiXG4iLAorICAgICAgICAgICAgICAg ICAgICZzdGFydCwgJmVuZCwgJmZsYWdzKSAhPSAzKQogICAgICAgICAgICAg Y29udGludWU7CiAgICAgICAgIHNpemUgPSBlbmQgLSBzdGFydCArIDE7CiAg ICAgICAgIGlmIChzdGFydCkgewpAQCAtMjIxOCw3ICsyMjE5LDcgQEAgc3Rh dGljIHZvaWQgcGNpX3JlbW92ZV9kZXRhY2hlZChsaWJ4bF9fZWdjICplZ2Ms CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgc2l6ZSwgMCk7CiAgICAgICAgICAgICAgICAgaWYgKHJjIDwgMCkK ICAgICAgICAgICAgICAgICAgICAgTE9HRUQoRVJST1IsIGRvbWlkLAotICAg ICAgICAgICAgICAgICAgICAgICAgICAieGNfZG9tYWluX2lvcG9ydF9wZXJt aXNzaW9uIGVycm9yIDB4JXgvMHgleCIsCisgICAgICAgICAgICAgICAgICAg ICAgICAgICJ4Y19kb21haW5faW9wb3J0X3Blcm1pc3Npb24gZXJyb3IgJSMi UFJJeDY0Ii8lIyJQUkl4NjQsCiAgICAgICAgICAgICAgICAgICAgICAgICAg IHN0YXJ0LAogICAgICAgICAgICAgICAgICAgICAgICAgICBzaXplKTsKICAg ICAgICAgICAgIH0gZWxzZSB7CkBAIC0yMjI4LDcgKzIyMjksNyBAQCBzdGF0 aWMgdm9pZCBwY2lfcmVtb3ZlX2RldGFjaGVkKGxpYnhsX19lZ2MgKmVnYywK ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIDApOwogICAgICAgICAgICAgICAgIGlmIChyYyA8IDApCiAgICAgICAg ICAgICAgICAgICAgIExPR0VEKEVSUk9SLCBkb21pZCwKLSAgICAgICAgICAg ICAgICAgICAgICAgICAgInhjX2RvbWFpbl9pb21lbV9wZXJtaXNzaW9uIGVy cm9yIDB4JXgvMHgleCIsCisgICAgICAgICAgICAgICAgICAgICAgICAgICJ4 Y19kb21haW5faW9tZW1fcGVybWlzc2lvbiBlcnJvciAlIyJQUkl4NjQiLyUj IlBSSXg2NCwKICAgICAgICAgICAgICAgICAgICAgICAgICAgc3RhcnQsCiAg ICAgICAgICAgICAgICAgICAgICAgICAgIHNpemUpOwogICAgICAgICAgICAg fQo= --=separator-- From xen-announce-bounces@lists.xenproject.org Sun Oct 26 13:21:07 2025 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 26 Oct 2025 13:21:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1148282.1481956 (Exim 4.92) (envelope-from ) id 1vD0fc-0004sG-6x; Sun, 26 Oct 2025 13:20:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1148282.1481956; Sun, 26 Oct 2025 13:20:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vD0fc-0004s5-2L; Sun, 26 Oct 2025 13:20:28 +0000 Received: by outflank-mailman (input) for mailman id 1148282; Wed, 22 Oct 2025 14:48:42 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vBa8o-00051Z-EK for xen-announce@lists.xenproject.org; Wed, 22 Oct 2025 14:48:42 +0000 Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [2a00:1450:4864:20::533]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 326f523c-af56-11f0-980a-7dc792cee155; Wed, 22 Oct 2025 16:48:40 +0200 (CEST) Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-63c09141cabso10496802a12.0 for ; Wed, 22 Oct 2025 07:48:39 -0700 (PDT) Received: from [192.168.1.5] (user-109-243-146-38.play-internet.pl. [109.243.146.38]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b6d36b0eba4sm152096566b.47.2025.10.22.07.48.38 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 22 Oct 2025 07:48:38 -0700 (PDT) X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" X-Inumbo-ID: 326f523c-af56-11f0-980a-7dc792cee155 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761144519; x=1761749319; darn=lists.xenproject.org; h=subject:from:cc:to:content-language:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=RysLH4Z6/v7Zc7nVBXq2y7fwG9r6bT2HCxe4AkVI1YI=; b=X/q4x4EOQiJqv05Xzxi+Ve8NH4lVQgLMBt8nlfiRccHVS7IcoV7OdRylrQkTchGCIg WDxVO/HrrzBuTjb7zhXLs9xOVTgECvV1QG77w4vEbfq45andauO0r1wmFKSvOtgzSnjQ dEl4KllrsVC316ShchF0s1TXjvbzbrXXkmYIo+RonjD4K4iNGchIA/RjTF4cMYmeynvd c+yN0YDvulc2VTeFuhohxQxk4yf9LdFu/dO426oINysUEiOgRKQ3fCBTkYfxc9mDBZtb wwuEmwYGtvfQf2aEhRi3CJfqC4ELlPADbVHzMEZbgI7/HB77Uu+v99EYa7kUPOyMYErE s35Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761144519; x=1761749319; h=subject:from:cc:to:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RysLH4Z6/v7Zc7nVBXq2y7fwG9r6bT2HCxe4AkVI1YI=; b=PyqCpGyAm+BXd5knH7y1d4mjodvJG2rzf6fWao+SY68fgXcOjoDmBRp2f9QNTGT3YU 2ORyeZ5enkdhz8pMA+0YvC7tJT3sED9PmymsYX7e6y7a1/FEcO4e1d8OIJL54sl+isRy km7ihRc7xaDRDsZiGL2q09xm6JK+OKiNMesK+j9Ihw0WCxjvwFW5MkuBu1O5pPUp6a1l LLq/5/3U5MMcskVT0zcHXlA1KxKb6Ohl+AsMvbisfm2zdwzxpVFf1WVwPsb4iJyCmTJa Vgn/wlZXvwxSSU85XutbH2MmCX2YEfenSx7plUUyVzu9ijkMkhAk9rpvnvkb8KJWjHkx tojA== X-Forwarded-Encrypted: i=1; AJvYcCXFZK+SrKtE5QyahIRvAW8lVfPv/QZA4nEtqOiFUUmdcSvJd8niJHoM0fyX5epMziCwZJ3YYgUaqvabMmI=@lists.xenproject.org X-Gm-Message-State: AOJu0YyRWAE1RkVD3yNzU9jna9TdvmHYxvkSM4Y7TJ9O86e01Gok/Gl7 qf2trTEJ1wtV0dZ84Kd9RtXFvbVGVOHAXtJ4BmdlQAVf2LUfmki1dlga X-Gm-Gg: ASbGnctZGy0rC+QJ5Cgi880xTzcTMhOTl+0CHH6fP6jPbk54ESmXqhCIOHSWomSVR0v y5gDv4kwKJ+KZizst8JYjPFLTx2r0QuBmKELp0CwvFtr3u+1lTxYBbrrDEIZkcRWArK7mgxu1By kI3VqMj272fIuhIDH0P/P7ZIOQ8B7iZkWWvwfYGUTz5ZaZSsldjVqYatl03F8+zkUropQZc0YHB ExkthDf+l8Lp+BuYbIx6m/0NKwQk6eDmWX3htBhg0nq9J8VkDOldd836IRrwj9cAI3HkXtBe8Ry XGYVHDoWNCjsOvw29eLyhhMg3QOyhK7wl5r2CFsW3ugA79KHEzVWfvQhWAC3i1BkNkAXaVufvFH /OR2ja2PbGWDWaFGUezFFXFNkIkEzhIgmftoL9YQdAHWtg3AOFdpKA+6AaR3teXN0Fs+oNOJhOd ccS+wVngJ5KUT0VLxizarqxqt48+ChsjidxiUJNlHhAyiIiLKYxMIxLtYl X-Google-Smtp-Source: AGHT+IHeFtW+4R8CQlGr5XX/R95uUw1wMnDxOuiAiKXvRtGrjMENC96vZsZBfQ7k+xUZZCBV7IIpVw== X-Received: by 2002:a17:906:fd87:b0:b07:c5b1:b129 with SMTP id a640c23a62f3a-b647195b8c3mr2686811266b.1.1761144519101; Wed, 22 Oct 2025 07:48:39 -0700 (PDT) Content-Type: multipart/alternative; boundary="------------QYI6grCkYridlXYS03aYmntk" Message-ID: Date: Wed, 22 Oct 2025 16:48:37 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Xen-devel Cc: xen-users@lists.xenproject.org, xen-announce@lists.xenproject.org, Community Manager , "committers@xenproject.org" From: Oleksii Kurochko Subject: [ANNOUNCEMENT] Xen 4.21.0-rc2 is tagged This is a multi-part message in MIME format. --------------QYI6grCkYridlXYS03aYmntk Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello everyone, Xen 4.21 rc2 is tagged. You can check that out from xen.git: git://xenbits.xen.org/xen.git 4.21.0-rc2 For your convenience there is also a tarball and the signature at: https://downloads.xenproject.org/release/xen/4.21.0-rc2/xen-4.21.0-rc2.tar.gz And the signature is at: https://downloads.xenproject.org/release/xen/4.21.0-rc2/xen-4.21.0-rc2.tar.gz.sig Have a nice week! ~ Oleksii --------------QYI6grCkYridlXYS03aYmntk Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit 
Hello everyone,

Xen 4.21 rc2 is tagged. You can check that out from xen.git:
  git://xenbits.xen.org/xen.git 4.21.0-rc2

For your convenience there is also a tarball and the signature at:
  https://downloads.xenproject.org/release/xen/4.21.0-rc2/xen-4.21.0-rc2.tar.gz

And the signature is at:
  https://downloads.xenproject.org/release/xen/4.21.0-rc2/xen-4.21.0-rc2.tar.gz.sig

Have a nice week!

~ Oleksii



--------------QYI6grCkYridlXYS03aYmntk--