From xen-announce-bounces@lists.xenproject.org Tue Mar 17 12:05:48 2026 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 17 Mar 2026 12:05:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1255916.1550743 (Exim 4.92) (envelope-from ) id 1w2TAp-0001MQ-KE; Tue, 17 Mar 2026 12:05:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1255916.1550743; Tue, 17 Mar 2026 12:05:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w2TAp-0001Li-Dh; Tue, 17 Mar 2026 12:05:23 +0000 Received: by outflank-mailman (input) for mailman id 1255916; Tue, 17 Mar 2026 12:05:22 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w2TAo-0008QI-1j for xen-announce@lists.xen.org; Tue, 17 Mar 2026 12:05:22 +0000 Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 8d8f2755-21f9-11f1-9ccf-f158ae23cfc8; Tue, 17 Mar 2026 13:05:13 +0100 (CET) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.96) (envelope-from ) id 1w2TAa-00D7eo-2J; Tue, 17 Mar 2026 12:05:08 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.96) (envelope-from ) id 1w2TAa-00DbYI-1T; Tue, 17 Mar 2026 12:05:08 +0000 X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" X-Inumbo-ID: 8d8f2755-21f9-11f1-9ccf-f158ae23cfc8 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.510 (Entity 5.510) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 481 v2 (CVE-2026-23555) - Xenstored DoS by unprivileged domain Message-Id: Date: Tue, 17 Mar 2026 12:05:08 +0000 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2026-23555 / XSA-481 version 2 Xenstored DoS by unprivileged domain UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get. IMPACT ====== Any unprivileged domain can cause xenstored to crash, causing a DoS (denial of service) for any Xenstore action. This will result in an inability to perform further domain administration on the host. In case xenstored has been built with NDEBUG defined, an unprivileged domain can force xenstored to be 100% busy, but without harming xenstored functionality for other guests otherwise. VULNERABLE SYSTEMS ================== All Xen systems from Xen 4.18 onwards are vulnerable. Systems up to Xen 4.17 are not vulnerable. Systems using the C variant of xenstored are vulnerable. Systems using xenstore-stubdom or the OCaml variant of Xenstore (oxenstored) are not vulnerable. MITIGATION ========== There is no known mitigation available. CREDITS ======= This issue was discovered by Marek Marczykowski-Góreckiof Invisible Things Lab. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches. xsa481.patch xen-unstable - Xen 4.18.x $ sha256sum xsa481* 148147e4545a4670578c0f24aa136f67bc203c7b18ec980b8cc80cfbb04ace68 xsa481.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patch described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. Switching xenstored with oxenstored or xenstore-stubdom is not permitted as a mitigation, as this is a guest visible change of the configuration. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmm5Q1sMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZKmYIAKOrz2ZWyIQyEJCuci+pavN6zG8/qgBhoRhzB2gJ piwk6CDr0gB2LseEePPLbl+yoGmNxNVtXjgCNyWVbCA2HaCnPsENOOkZkUhwffN/ fXVMJHC43YdiaknKTKc8QoRn0poiPLIBQE2eXpIMVo9J7FoPkqQZYM1DS6B5x/q3 FWyKjHWwnGRv2pzRAm6mx22bu6wNpzYsfD2qCUe4d08njC3+iFLn1az+9XwF+Yw6 nS51gB2KjzRoGNhfepwzHC9R2cysYQdySFbAbskcGBTTD2FI9D+k6fBbXc7Tuj4T v+JqgQMkmQitJepE875VWxfFAR2PTRcBbL2ev6tQvA1x5mQ= =Bv72 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa481.patch" Content-Disposition: attachment; filename="xsa481.patch" Content-Transfer-Encoding: base64 RnJvbSAwY2ZmMTZmMGE5OTdmMWIwODcxYjYyMWExZDYwNTA2NTI1MzBlNWQ5 IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWVyZ2VuIEdyb3Nz IDxqZ3Jvc3NAc3VzZS5jb20+CkRhdGU6IFRodSwgMTIgRmViIDIwMjYgMDg6 Mjk6MzggKzAxMDAKU3ViamVjdDogW1BBVENIXSB0b29scy94ZW5zdG9yZWQ6 IGZpeCBjYW5vbmljYWxpemUoKSBlcnJvciB0ZXN0aW5nCk1JTUUtVmVyc2lv bjogMS4wCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYt OApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA4Yml0CgpUaGUgc2V0dGlu ZyBvZiBlcnJubyBpbiBjYW5vbmljYWxpemUoKSBpcyByYXRoZXIgZnJhZ2ls ZSBhbmQgc2VlbXMgdG8KYmUgZXZlbiB3cm9uZyBpbiBvbmUgY29ybmVyIGNh c2U6IHdoZW4gdGhlIGludmFsaWQgcGF0aCAiL2xvY2FsL2RvbWFpbi8iCmlz IHBhc3NlZCwgc3NjYW5mKCkgd2lsbCBzZXQgZXJybm8gdG8gMCwgcmVzdWx0 aW5nIGluIGNhbm9uaWNhbGl6ZSgpIHRvCnJldHVybiBOVUxMIHdpdGggZXJy bm8gYmVpbmcgMC4gVGhpcyBjYW4gcmVzdWx0IGluIHRyaWdnZXJpbmcgdGhl CmFzc2VydChjb25uLT5pbiA9PSBOVUxMKSBpbiBjb25zaWRlcl9tZXNzYWdl KCkuCgpEb24ndCBhc3N1bWUgdGhlIGluaXRpYWwgc2V0dGluZyBvZiBlcnJu byB0byAiRUlOVkFMIiB3aWxsIHN0YXkgdmFsaWQKaW4gYWxsIGNhc2VzIGFu ZCBzZXQgaXQgdG8gRUlOVkFMIG9ubHkgd2hlbiByZXR1cm5pbmcgTlVMTCBk dWUgdG8gYW4KaW52YWxpZCBwYXRoLgoKVGhpcyBpcyBYU0EtNDgxL0NWRS0y MDI2LTIzNTU1CgpSZXBvcnRlZC1ieTogTWFyZWsgTWFyY3p5a293c2tpLUfD s3JlY2tpIDxtYXJtYXJla0BpbnZpc2libGV0aGluZ3NsYWIuY29tPgpTaWdu ZWQtb2ZmLWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+ClJl dmlld2VkLWJ5OiBKdWxpZW4gR3JhbGwgPGp1bGllbkB4ZW4ub3JnPgotLS0K IHRvb2xzL3hlbnN0b3JlZC9jb3JlLmMgfCA1ICsrKy0tCiAxIGZpbGUgY2hh bmdlZCwgMyBpbnNlcnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQoKZGlmZiAt LWdpdCBhL3Rvb2xzL3hlbnN0b3JlZC9jb3JlLmMgYi90b29scy94ZW5zdG9y ZWQvY29yZS5jCmluZGV4IDY0YzQ3OGE4MDEuLjJlODI2Zjk5ZWIgMTAwNjQ0 Ci0tLSBhL3Rvb2xzL3hlbnN0b3JlZC9jb3JlLmMKKysrIGIvdG9vbHMveGVu c3RvcmVkL2NvcmUuYwpAQCAtMTI0MCwxMSArMTI0MCwxMCBAQCBjb25zdCBj aGFyICpjYW5vbmljYWxpemUoc3RydWN0IGNvbm5lY3Rpb24gKmNvbm4sIGNv bnN0IHZvaWQgKmN0eCwKIAkgKiAtIGlsbGVnYWwgY2hhcmFjdGVyIGluIG5v ZGUKIAkgKiAtIHN0YXJ0cyB3aXRoICdAJyBidXQgbm8gc3BlY2lhbCBub2Rl IGFsbG93ZWQKIAkgKi8KLQllcnJubyA9IEVJTlZBTDsKIAlpZiAoIW5vZGUg fHwKIAkgICAgIXZhbGlkX2NoYXJzKG5vZGUpIHx8CiAJICAgIChub2RlWzBd ID09ICdAJyAmJiAhYWxsb3dfc3BlY2lhbCkpCi0JCXJldHVybiBOVUxMOwor CQlnb3RvIGludmFsOwogCiAJaWYgKG5vZGVbMF0gIT0gJy8nICYmIG5vZGVb MF0gIT0gJ0AnKSB7CiAJCW5hbWUgPSB0YWxsb2NfYXNwcmludGYoY3R4LCAi JXMvJXMiLCBnZXRfaW1wbGljaXRfcGF0aChjb25uKSwKQEAgLTEyNzIsNiAr MTI3MSw4IEBAIGNvbnN0IGNoYXIgKmNhbm9uaWNhbGl6ZShzdHJ1Y3QgY29u bmVjdGlvbiAqY29ubiwgY29uc3Qgdm9pZCAqY3R4LAogCWlmIChuYW1lICE9 IG5vZGUpCiAJCXRhbGxvY19mcmVlKG5hbWUpOwogCisgaW52YWw6CisJZXJy bm8gPSBFSU5WQUw7CiAJcmV0dXJuIE5VTEw7CiB9CiAKLS0gCjIuNTMuMAoK --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Mar 17 12:05:50 2026 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 17 Mar 2026 12:05:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1255912.1550690 (Exim 4.92) (envelope-from ) id 1w2TAl-00006f-CR; Tue, 17 Mar 2026 12:05:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1255912.1550690; Tue, 17 Mar 2026 12:05:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w2TAl-0008V6-5H; Tue, 17 Mar 2026 12:05:19 +0000 Received: by outflank-mailman (input) for mailman id 1255912; Tue, 17 Mar 2026 12:05:18 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w2TAk-0008QI-0n for xen-announce@lists.xen.org; Tue, 17 Mar 2026 12:05:18 +0000 Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 8b95c952-21f9-11f1-9ccf-f158ae23cfc8; Tue, 17 Mar 2026 13:05:11 +0100 (CET) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.96) (envelope-from ) id 1w2TAW-00D7eF-1U; Tue, 17 Mar 2026 12:05:04 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.96) (envelope-from ) id 1w2TAW-00DbXG-0N; Tue, 17 Mar 2026 12:05:04 +0000 X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" X-Inumbo-ID: 8b95c952-21f9-11f1-9ccf-f158ae23cfc8 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.510 (Entity 5.510) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 480 v3 (CVE-2026-23554) - Use after free of paging structures in EPT Message-Id: Date: Tue, 17 Mar 2026 12:05:04 +0000 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2026-23554 / XSA-480 version 3 Use after free of paging structures in EPT UPDATES IN VERSION 3 ==================== Public release. ISSUE DESCRIPTION ================= The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions. IMPACT ====== Privilege escalation, Denial of Service (DoS) affecting the entire host, and information leaks. VULNERABLE SYSTEMS ================== Xen 4.17 and onwards are vulnerable. Xen 4.16 and older are not vulnerable. Only x86 Intel systems with EPT support are vulnerable. Only x86 HVM/PVH guests using HAP can leverage the vulnerability on affected systems. MITIGATION ========== There are no mitigations. CREDITS ======= This issue was discovered by Roger Pau Monné of XenServer. RESOLUTION ========== Applying the attached patch resolves this issue. Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches. xsa480.patch xen-unstable - Xen 4.17.x $ sha256sum xsa480* 578f8fec3f34656e085419f6376d43987ffd6ed32e067b4024d3c83ce03a5901 xsa480.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmm5Q1MMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZKDgH/jDFwjlPNV0IQor3c5j9D7L++i5dFugypaF5OI+Q nboD7VEe6y1KexRsPa/a7UAvuabgGdudeS18IS3W34/9TZILZRITo9s3IgEnTfQR qqFlCTxymFuCn8Iptq8SJh37fG3nc9OJ/v28s+0+X9ERnjjjVcjhwcbQ5gQSpKU0 7fAe+IpsO3YOMGb3fgpjhCWMjh9UTHnKOBmObNeDGZ3sXgh8+FYkt6snRs0bYwW4 IcGpmEEgK+Id6n/0sG07Ntntb02EcCz3Vl8G0OflNQj/XOxHBuXbkFc36K2vpUDp dGrzGkIznA00Oz2UNlZrSrMWAQtKuHbB9+H2tU+7BNq+ag8= =RFix -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa480.patch" Content-Disposition: attachment; filename="xsa480.patch" Content-Transfer-Encoding: base64 RnJvbSA0NWY2ODY2ZTM0YjdlOWVlOGI2YWMxNmQ2NDZhMmU5NTRjOTdlNDhl IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBSb2dlciBQYXUgTW9u bmUgPHJvZ2VyLnBhdUBjaXRyaXguY29tPgpEYXRlOiBUdWUsIDE3IEZlYiAy MDI2IDA5OjMzOjQzICswMTAwClN1YmplY3Q6IFtQQVRDSF0geDg2L3AybTog aXNzdWUgYSBzeW5jIGZsdXNoIGJlZm9yZSBmcmVlaW5nIHBhZ2luZyBwYWdl cwpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6IHRleHQvcGxhaW47 IGNoYXJzZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJp dAoKSW4gdGhlIEVQVCBpbXBsZW1lbnRhdGlvbiwgdGhlIGRlZmVyIGZsdXNo aW5nIGxvZ2ljIGlzIHVzZWQKdW5jb25kaXRpb25hbGx5LCBhbmQgdGhhdCB3 b3VsZCBsZWFkIHRvIHBhZ2luZyBtZW1vcnkgYmVpbmcgcmV0dXJuZWQgdG8g dGhlCnBhZ2luZyBwb29sIGJlZm9yZSBpdHMgcmVmZXJlbmNlcyBoYWQgYmVl biBmbHVzaGVkLgoKSXNzdWUgYW55IHBlbmRpbmcgZmx1c2hlcyBiZWZvcmUg ZnJlZWluZyB0aGUgcGFnaW5nIG1lbW9yeSBiYWNrIHRvIHRoZQpwb29sLgoK Tm90ZSBBTUQgKE5QVCkgYW5kIFNoYWRvdyBwYWdpbmcgYXJlIG5vdCBhZmZl Y3RlZCwgYXMgdGhleSBkb24ndCBpbXBsZW1lbnQKdGhlIGRlZmVycmVkIGZs dXNoaW5nIGxvZ2ljLgoKVGhpcyBpcyBYU0EtNDgwIC8gQ1ZFLTIwMjYtMjM1 NTQKCkZpeGVzOiA0YTU5ZTZiYjNhOTYgKCJ4ODYvRVBUOiBzcXVhc2ggbWVh bmluZ2xlc3MgVExCIGZsdXNoIikKU2lnbmVkLW9mZi1ieTogUm9nZXIgUGF1 IE1vbm7DqSA8cm9nZXIucGF1QGNpdHJpeC5jb20+ClJldmlld2VkLWJ5OiBK YW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+Ci0tLQogeGVuL2FyY2gv eDg2L21tL3AybS5jIHwgNSArKysrKwogMSBmaWxlIGNoYW5nZWQsIDUgaW5z ZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9tbS9wMm0u YyBiL3hlbi9hcmNoL3g4Ni9tbS9wMm0uYwppbmRleCBlOTE1ZGEyNmE4MzIu LmZkZGVjZGY5NzhlYyAxMDA2NDQKLS0tIGEveGVuL2FyY2gveDg2L21tL3Ay bS5jCisrKyBiL3hlbi9hcmNoL3g4Ni9tbS9wMm0uYwpAQCAtNDc5LDYgKzQ3 OSwxMSBAQCB2b2lkIHAybV9mcmVlX3B0cChzdHJ1Y3QgcDJtX2RvbWFpbiAq cDJtLCBzdHJ1Y3QgcGFnZV9pbmZvICpwZykKICAgICBBU1NFUlQocDJtLT5k b21haW4pOwogICAgIEFTU0VSVChwMm0tPmRvbWFpbi0+YXJjaC5wYWdpbmcu ZnJlZV9wYWdlKTsKIAorICAgIC8qCisgICAgICogSXNzdWUgYW55IHBlbmRp bmcgZmx1c2ggaGVyZSwgaW4gY2FzZSBpdCB3YXMgZGVmZXJyZWQgYmVmb3Jl LiAgVGhlIHBhZ2UKKyAgICAgKiB3aWxsIGJlIHJldHVybmVkIHRvIHRoZSBw YWdpbmcgcG9vbCBub3cuCisgICAgICovCisgICAgcDJtX3RsYl9mbHVzaF9z eW5jKHAybSk7CiAgICAgcGFnZV9saXN0X2RlbChwZywgJnAybS0+cGFnZXMp OwogICAgIHAybS0+ZG9tYWluLT5hcmNoLnBhZ2luZy5mcmVlX3BhZ2UocDJt LT5kb21haW4sIHBnKTsKIAotLSAKMi41MS4wCgo= --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Mar 24 12:06:52 2026 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 24 Mar 2026 12:06:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1260416.1553757 (Exim 4.92) (envelope-from ) id 1w50WD-00026l-IN; Tue, 24 Mar 2026 12:05:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1260416.1553757; Tue, 24 Mar 2026 12:05:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w50WD-00026e-FH; Tue, 24 Mar 2026 12:05:57 +0000 Received: by outflank-mailman (input) for mailman id 1260416; Tue, 24 Mar 2026 12:05:56 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w50WC-00026T-HS for xen-announce@lists.xen.org; Tue, 24 Mar 2026 12:05:56 +0000 Received: from mail.xenproject.org (mail.xenproject.org [104.130.215.37]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id cb885aae-2779-11f1-9ccf-f158ae23cfc8; Tue, 24 Mar 2026 13:05:51 +0100 (CET) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.96) (envelope-from ) id 1w50W0-007DT0-2n; Tue, 24 Mar 2026 12:05:44 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.96) (envelope-from ) id 1w50W0-00Bwo0-1i; Tue, 24 Mar 2026 12:05:44 +0000 X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" X-Inumbo-ID: cb885aae-2779-11f1-9ccf-f158ae23cfc8 Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.510 (Entity 5.510) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Message-Id: Date: Tue, 24 Mar 2026 12:05:44 +0000 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory XSA-482 version 2 Linux privcmd driver can circumvent kernel lockdown UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Linux kernel's privcmd driver can be abused to circumvent kernel lockdown (secure boot), e.g. by modifying page tables to enable user mode to modify kernel memory. The CNA covering Linux has refused to assign a CVE at this juncture. IMPACT ====== An administrator of an unprivileged guest booted in secure mode is able to perform actions on the kernel which should not be possible in secure mode. VULNERABLE SYSTEMS ================== PV, PVH and HVM guests running Linux using secure boot are vulnerable. BSD based systems are believed not to be vulnerable due to a lack of secure boot support. MITIGATION ========== There is no known mitigation. CREDITS ======= This issue was discovered by Teddy Astie of Vates. RESOLUTION ========== Applying the set of attached patches resolves this issue. xsa482-linux-?.patch Linux $ sha256sum xsa482* a4e67d2c773e2e13252337e4b64c08b342c0eb2e0e92271a79dc588ac34e7c3a xsa482-linux-1.patch dd952c1fc49ceb47803b78e15cfe3f7f11a845b29c6b2a80afa7a9eaa60a00ec xsa482-linux-2.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of patches or mitigations is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because the patches need to be applied to the guests. Deployment is permitted only AFTER the embargo ends. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmnCffYMHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZLUIIAIU0v7T3tT1Jc2UeanX2sj2aycfKjpCCoAxTtFcG qKdhneXhKQ3ofWH3SSRmuNfA6L1jVPyh7bUYLMpNQp4WfsCUj0RNcjXhdxYIldTP KLi+mhekZzjarClj+X9eQOQf0DaGGy1dG1SUfETHuumOcm7CVbRDKF9nXVv6g4Dd CCnDuXjK2M9Q91shdDAUI7I41oQL3k85UTpPwwtAs1subKCJsgbKIBdikw3Bdm4c TBkqTyjFCiLiLXcqcY7qQo/IcfJ9mn0z3Jc0M4V12Am6DdLrypO0LU3YcVRH3qT9 /5L5It2HKjoFRp+6yEb7yfBkavXQgaGwCSnROUC7dn41pM8= =mibo -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa482-linux-1.patch" Content-Disposition: attachment; filename="xsa482-linux-1.patch" Content-Transfer-Encoding: base64 RnJvbSAyNjVmMjA1MmZjYjUyYjllMjZlMTQ2Nzg5MzU5ZjQ1MjJjZWVkZDFi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWVyZ2VuIEdyb3Nz IDxqZ3Jvc3NAc3VzZS5jb20+CkRhdGU6IFRodSwgOSBPY3QgMjAyNSAxNjo1 NDo1OCArMDIwMApTdWJqZWN0OiBbUEFUQ0ggdjMgMS8yXSB4ZW4vcHJpdmNt ZDogcmVzdHJpY3QgdXNhZ2UgaW4gdW5wcml2aWxlZ2VkIGRvbVUKClRoZSBY ZW4gcHJpdmNtZCBkcml2ZXIgYWxsb3dzIHRvIGlzc3VlIGFyYml0cmFyeSBo eXBlcmNhbGxzIGZyb20KdXNlciBzcGFjZSBwcm9jZXNzZXMuIFRoaXMgaXMg bm9ybWFsbHkgbm8gcHJvYmxlbSwgYXMgYWNjZXNzIGlzCnVzdWFsbHkgbGlt aXRlZCB0byByb290IGFuZCB0aGUgaHlwZXJ2aXNvciB3aWxsIGRlbnkgYW55 IGh5cGVyY2FsbHMKYWZmZWN0aW5nIG90aGVyIGRvbWFpbnMuCgpJbiBjYXNl IHRoZSBndWVzdCBpcyBib290ZWQgdXNpbmcgc2VjdXJlIGJvb3QsIGhvd2V2 ZXIsIHRoZSBwcml2Y21kCmRyaXZlciB3b3VsZCBiZSBlbmFibGluZyBhIHJv b3QgdXNlciBwcm9jZXNzIHRvIG1vZGlmeSBlLmcuIGtlcm5lbAptZW1vcnkg Y29udGVudHMsIHRodXMgYnJlYWtpbmcgdGhlIHNlY3VyZSBib290IGZlYXR1 cmUuCgpUaGUgb25seSBrbm93biBjYXNlIHdoZXJlIGFuIHVucHJpdmlsZWdl ZCBkb21VIGlzIHJlYWxseSBuZWVkaW5nIHRvCnVzZSB0aGUgcHJpdmNtZCBk cml2ZXIgaXMgdGhlIGNhc2Ugd2hlbiBpdCBpcyBhY3RpbmcgYXMgdGhlIGRl dmljZQptb2RlbCBmb3IgYW5vdGhlciBndWVzdC4gSW4gdGhpcyBjYXNlIGFs bCBoeXBlcmNhbGxzIGlzc3VlZCB2aWEgdGhlCnByaXZjbWQgZHJpdmVyIHdp bGwgdGFyZ2V0IHRoYXQgb3RoZXIgZ3Vlc3QuCgpGb3J0dW5hdGVseSB0aGUg cHJpdmNtZCBkcml2ZXIgY2FuIGFscmVhZHkgYmUgbG9ja2VkIGRvd24gdG8g YWxsb3cKb25seSBoeXBlcmNhbGxzIHRhcmdldGluZyBhIHNwZWNpZmljIGRv bWFpbiwgYnV0IHRoaXMgbW9kZSBjYW4gYmUKYWN0aXZhdGVkIGZyb20gdXNl ciBsYW5kIG9ubHkgdG9kYXkuCgpUaGUgdGFyZ2V0IGRvbWFpbiBjYW4gYmUg b2J0YWluZWQgZnJvbSBYZW5zdG9yZSwgc28gd2hlbiBub3QgcnVubmluZwpp biBkb20wIHJlc3RyaWN0IHRoZSBwcml2Y21kIGRyaXZlciB0byB0aGF0IHRh cmdldCBkb21haW4gZnJvbSB0aGUKYmVnaW5uaW5nLCByZXNvbHZpbmcgdGhl IHBvdGVudGlhbCBwcm9ibGVtIG9mIGJyZWFraW5nIHNlY3VyZSBib290LgoK VGhpcyBpcyBYU0EtNDgyIC8gQ1ZFID8/PwoKUmVwb3J0ZWQtYnk6IFRlZGR5 IEFzdGllIDx0ZWRkeS5hc3RpZUB2YXRlcy50ZWNoPgpGaXhlczogMWM1ZGUx OTM5YzIwICgieGVuOiBhZGQgcHJpdmNtZCBkcml2ZXIiKQpTaWduZWQtb2Zm LWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+Ci0tLQogZHJp dmVycy94ZW4vcHJpdmNtZC5jIHwgNjAgKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKy0tLQogMSBmaWxlIGNoYW5nZWQsIDU3IGlu c2VydGlvbnMoKyksIDMgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJp dmVycy94ZW4vcHJpdmNtZC5jIGIvZHJpdmVycy94ZW4vcHJpdmNtZC5jCmlu ZGV4IDE3NTljYzE4NzUzZi4uYTgzYmFkNjlmNGYyIDEwMDY0NAotLS0gYS9k cml2ZXJzL3hlbi9wcml2Y21kLmMKKysrIGIvZHJpdmVycy94ZW4vcHJpdmNt ZC5jCkBAIC0xMiw2ICsxMiw3IEBACiAjaW5jbHVkZSA8bGludXgvZXZlbnRm ZC5oPgogI2luY2x1ZGUgPGxpbnV4L2ZpbGUuaD4KICNpbmNsdWRlIDxsaW51 eC9rZXJuZWwuaD4KKyNpbmNsdWRlIDxsaW51eC9rc3RydG94Lmg+CiAjaW5j bHVkZSA8bGludXgvbW9kdWxlLmg+CiAjaW5jbHVkZSA8bGludXgvbXV0ZXgu aD4KICNpbmNsdWRlIDxsaW51eC9wb2xsLmg+CkBAIC0zMCw3ICszMSw5IEBA CiAjaW5jbHVkZSA8bGludXgvc2VxX2ZpbGUuaD4KICNpbmNsdWRlIDxsaW51 eC9taXNjZGV2aWNlLmg+CiAjaW5jbHVkZSA8bGludXgvbW9kdWxlcGFyYW0u aD4KKyNpbmNsdWRlIDxsaW51eC9ub3RpZmllci5oPgogI2luY2x1ZGUgPGxp bnV4L3ZpcnRpb19tbWlvLmg+CisjaW5jbHVkZSA8bGludXgvd2FpdC5oPgog CiAjaW5jbHVkZSA8YXNtL3hlbi9oeXBlcnZpc29yLmg+CiAjaW5jbHVkZSA8 YXNtL3hlbi9oeXBlcmNhbGwuaD4KQEAgLTQ2LDYgKzQ5LDcgQEAKICNpbmNs dWRlIDx4ZW4vcGFnZS5oPgogI2luY2x1ZGUgPHhlbi94ZW4tb3BzLmg+CiAj aW5jbHVkZSA8eGVuL2JhbGxvb24uaD4KKyNpbmNsdWRlIDx4ZW4veGVuYnVz Lmg+CiAjaWZkZWYgQ09ORklHX1hFTl9BQ1BJCiAjaW5jbHVkZSA8eGVuL2Fj cGkuaD4KICNlbmRpZgpAQCAtNzIsNiArNzYsMTEgQEAgc3RydWN0IHByaXZj bWRfZGF0YSB7CiAJZG9taWRfdCBkb21pZDsKIH07CiAKKy8qIERPTUlEX0lO VkFMSUQgaW1wbGllcyBubyByZXN0cmljdGlvbiAqLworc3RhdGljIGRvbWlk X3QgdGFyZ2V0X2RvbWFpbiA9IERPTUlEX0lOVkFMSUQ7CitzdGF0aWMgYm9v bCByZXN0cmljdF93YWl0Oworc3RhdGljIERFQ0xBUkVfV0FJVF9RVUVVRV9I RUFEKHJlc3RyaWN0X3dhaXRfd3EpOworCiBzdGF0aWMgaW50IHByaXZjbWRf dm1hX3JhbmdlX2lzX21hcHBlZCgKICAgICAgICAgICAgICAgIHN0cnVjdCB2 bV9hcmVhX3N0cnVjdCAqdm1hLAogICAgICAgICAgICAgICAgdW5zaWduZWQg bG9uZyBhZGRyLApAQCAtMTU2MywxMyArMTU3MiwxNiBAQCBzdGF0aWMgbG9u ZyBwcml2Y21kX2lvY3RsKHN0cnVjdCBmaWxlICpmaWxlLAogCiBzdGF0aWMg aW50IHByaXZjbWRfb3BlbihzdHJ1Y3QgaW5vZGUgKmlubywgc3RydWN0IGZp bGUgKmZpbGUpCiB7Ci0Jc3RydWN0IHByaXZjbWRfZGF0YSAqZGF0YSA9IGt6 YWxsb2Nfb2JqKCpkYXRhKTsKKwlzdHJ1Y3QgcHJpdmNtZF9kYXRhICpkYXRh OworCisJaWYgKHdhaXRfZXZlbnRfaW50ZXJydXB0aWJsZShyZXN0cmljdF93 YWl0X3dxLCAhcmVzdHJpY3Rfd2FpdCkgPCAwKQorCQlyZXR1cm4gLUVJTlRS OwogCisJZGF0YSA9IGt6YWxsb2Nfb2JqKCpkYXRhKTsKIAlpZiAoIWRhdGEp CiAJCXJldHVybiAtRU5PTUVNOwogCi0JLyogRE9NSURfSU5WQUxJRCBpbXBs aWVzIG5vIHJlc3RyaWN0aW9uICovCi0JZGF0YS0+ZG9taWQgPSBET01JRF9J TlZBTElEOworCWRhdGEtPmRvbWlkID0gdGFyZ2V0X2RvbWFpbjsKIAogCWZp bGUtPnByaXZhdGVfZGF0YSA9IGRhdGE7CiAJcmV0dXJuIDA7CkBAIC0xNjYy LDYgKzE2NzQsNDUgQEAgc3RhdGljIHN0cnVjdCBtaXNjZGV2aWNlIHByaXZj bWRfZGV2ID0gewogCS5mb3BzID0gJnhlbl9wcml2Y21kX2ZvcHMsCiB9Owog CitzdGF0aWMgaW50IGluaXRfcmVzdHJpY3Qoc3RydWN0IG5vdGlmaWVyX2Js b2NrICpub3RpZmllciwKKwkJCSB1bnNpZ25lZCBsb25nIGV2ZW50LAorCQkJ IHZvaWQgKmRhdGEpCit7CisJY2hhciAqdGFyZ2V0OworCXVuc2lnbmVkIGlu dCBkb21pZDsKKworCS8qIERlZmF1bHQgdG8gYW4gZ3VhcmFudGVlZCB1bnVz ZWQgZG9tYWluLWlkLiAqLworCXRhcmdldF9kb21haW4gPSBET01JRF9JRExF OworCisJdGFyZ2V0ID0geGVuYnVzX3JlYWQoWEJUX05JTCwgInRhcmdldCIs ICIiLCBOVUxMKTsKKwlpZiAoSVNfRVJSKHRhcmdldCkgfHwga3N0cnRvdWlu dCh0YXJnZXQsIDEwLCAmZG9taWQpKSB7CisJCXByX2VycigiTm8gdGFyZ2V0 IGRvbWFpbiBmb3VuZCwgYmxvY2tpbmcgYWxsIGh5cGVyY2FsbHNcbiIpOwor CQlnb3RvIG91dDsKKwl9CisKKwl0YXJnZXRfZG9tYWluID0gZG9taWQ7CisK KyBvdXQ6CisJaWYgKCFJU19FUlIodGFyZ2V0KSkKKwkJa2ZyZWUodGFyZ2V0 KTsKKworCXJlc3RyaWN0X3dhaXQgPSBmYWxzZTsKKwl3YWtlX3VwX2FsbCgm cmVzdHJpY3Rfd2FpdF93cSk7CisKKwlyZXR1cm4gTk9USUZZX0RPTkU7Cit9 CisKK3N0YXRpYyBzdHJ1Y3Qgbm90aWZpZXJfYmxvY2sgeGVuc3RvcmVfbm90 aWZpZXIgPSB7CisJLm5vdGlmaWVyX2NhbGwgPSBpbml0X3Jlc3RyaWN0LAor fTsKKworc3RhdGljIHZvaWQgX19pbml0IHJlc3RyaWN0X2RyaXZlcih2b2lk KQoreworCXJlc3RyaWN0X3dhaXQgPSB0cnVlOworCisJcmVnaXN0ZXJfeGVu c3RvcmVfbm90aWZpZXIoJnhlbnN0b3JlX25vdGlmaWVyKTsKK30KKwogc3Rh dGljIGludCBfX2luaXQgcHJpdmNtZF9pbml0KHZvaWQpCiB7CiAJaW50IGVy cjsKQEAgLTE2NjksNiArMTcyMCw5IEBAIHN0YXRpYyBpbnQgX19pbml0IHBy aXZjbWRfaW5pdCh2b2lkKQogCWlmICgheGVuX2RvbWFpbigpKQogCQlyZXR1 cm4gLUVOT0RFVjsKIAorCWlmICgheGVuX2luaXRpYWxfZG9tYWluKCkpCisJ CXJlc3RyaWN0X2RyaXZlcigpOworCiAJZXJyID0gbWlzY19yZWdpc3Rlcigm cHJpdmNtZF9kZXYpOwogCWlmIChlcnIgIT0gMCkgewogCQlwcl9lcnIoIkNv dWxkIG5vdCByZWdpc3RlciBYZW4gcHJpdmNtZCBkZXZpY2VcbiIpOwotLSAK Mi41My4wCgo= --=separator Content-Type: application/octet-stream; name="xsa482-linux-2.patch" Content-Disposition: attachment; filename="xsa482-linux-2.patch" Content-Transfer-Encoding: base64 RnJvbSA2ZjY5MThmZTFkZDQ1OTBlMDBmZjk1OTAwODZmYWIwOGQ5Mjg0MDVi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWVyZ2VuIEdyb3Nz IDxqZ3Jvc3NAc3VzZS5jb20+CkRhdGU6IFR1ZSwgMTQgT2N0IDIwMjUgMTM6 Mjg6MTUgKzAyMDAKU3ViamVjdDogW1BBVENIIHYzIDIvMl0geGVuL3ByaXZj bWQ6IGFkZCBib290IGNvbnRyb2wgZm9yIHJlc3RyaWN0ZWQgdXNhZ2UgaW4K IGRvbVUKCldoZW4gcnVubmluZyBpbiBhbiB1bnByaXZpbGVnZWQgZG9tVSB1 bmRlciBYZW4sIHRoZSBwcml2Y21kIGRyaXZlcgppcyByZXN0cmljdGVkIHRv IGFsbG93IG9ubHkgaHlwZXJjYWxscyBhZ2FpbnN0IGEgdGFyZ2V0IGRvbWFp biwgZm9yCndoaWNoIHRoZSBjdXJyZW50IGRvbVUgaXMgYWN0aW5nIGFzIGEg ZGV2aWNlIG1vZGVsLgoKQWRkIGEgYm9vdCBwYXJhbWV0ZXIgInVucmVzdHJp Y3RlZCIgdG8gYWxsb3cgYWxsIGh5cGVyY2FsbHMgKHRoZQpoeXBlcnZpc29y IHdpbGwgc3RpbGwgcmVmdXNlIGRlc3RydWN0aXZlIGh5cGVyY2FsbHMgYWZm ZWN0aW5nIG90aGVyCmd1ZXN0cykuCgpNYWtlIHRoaXMgbmV3IHBhcmFtZXRl ciBlZmZlY3RpdmUgb25seSBpbiBjYXNlIHRoZSBkb21VIHdhc24ndCBzdGFy dGVkCnVzaW5nIHNlY3VyZSBib290LCBhcyBvdGhlcndpc2UgaHlwZXJjYWxs cyB0YXJnZXRpbmcgdGhlIGRvbVUgaXRzZWxmCm1pZ2h0IHJlc3VsdCBpbiB2 aW9sYXRpbmcgdGhlIHNlY3VyZSBib290IGZ1bmN0aW9uYWxpdHkuCgpUaGlz IGlzIGFjaGlldmVkIGJ5IGFkZGluZyBhbm90aGVyIGxvY2tkb3duIHJlYXNv biwgd2hpY2ggY2FuIGJlCnRlc3RlZCB0byBub3QgYmVpbmcgc2V0IHdoZW4g YXBwbHlpbmcgdGhlICJ1bnJlc3RyaWN0ZWQiIG9wdGlvbi4KClRoaXMgaXMg cGFydCBvZiBYU0EtNDgyIC8gQ1ZFLT8/PwoKU2lnbmVkLW9mZi1ieTogSnVl cmdlbiBHcm9zcyA8amdyb3NzQHN1c2UuY29tPgotLS0KIGRyaXZlcnMveGVu L3ByaXZjbWQuYyAgICB8IDEzICsrKysrKysrKysrKysKIGluY2x1ZGUvbGlu dXgvc2VjdXJpdHkuaCB8ICAxICsKIHNlY3VyaXR5L3NlY3VyaXR5LmMgICAg ICB8ICAxICsKIDMgZmlsZXMgY2hhbmdlZCwgMTUgaW5zZXJ0aW9ucygrKQoK ZGlmZiAtLWdpdCBhL2RyaXZlcnMveGVuL3ByaXZjbWQuYyBiL2RyaXZlcnMv eGVuL3ByaXZjbWQuYwppbmRleCBhODNiYWQ2OWY0ZjIuLmJiZjllZTIxMzA2 YyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4vcHJpdmNtZC5jCisrKyBiL2Ry aXZlcnMveGVuL3ByaXZjbWQuYwpAQCAtMzIsNiArMzIsNyBAQAogI2luY2x1 ZGUgPGxpbnV4L21pc2NkZXZpY2UuaD4KICNpbmNsdWRlIDxsaW51eC9tb2R1 bGVwYXJhbS5oPgogI2luY2x1ZGUgPGxpbnV4L25vdGlmaWVyLmg+CisjaW5j bHVkZSA8bGludXgvc2VjdXJpdHkuaD4KICNpbmNsdWRlIDxsaW51eC92aXJ0 aW9fbW1pby5oPgogI2luY2x1ZGUgPGxpbnV4L3dhaXQuaD4KIApAQCAtNzIs NiArNzMsMTEgQEAgbW9kdWxlX3BhcmFtX25hbWVkKGRtX29wX2J1Zl9tYXhf c2l6ZSwgcHJpdmNtZF9kbV9vcF9idWZfbWF4X3NpemUsIHVpbnQsCiBNT0RV TEVfUEFSTV9ERVNDKGRtX29wX2J1Zl9tYXhfc2l6ZSwKIAkJICJNYXhpbXVt IHNpemUgb2YgYSBkbV9vcCBoeXBlcmNhbGwgYnVmZmVyIik7CiAKK3N0YXRp YyBib29sIHVucmVzdHJpY3RlZDsKK21vZHVsZV9wYXJhbSh1bnJlc3RyaWN0 ZWQsIGJvb2wsIDApOworTU9EVUxFX1BBUk1fREVTQyh1bnJlc3RyaWN0ZWQs CisJIkRvbid0IHJlc3RyaWN0IGh5cGVyY2FsbHMgdG8gdGFyZ2V0IGRvbWFp biBpZiBydW5uaW5nIGluIGEgZG9tVSIpOworCiBzdHJ1Y3QgcHJpdmNtZF9k YXRhIHsKIAlkb21pZF90IGRvbWlkOwogfTsKQEAgLTE3MDgsNiArMTcxNCwx MyBAQCBzdGF0aWMgc3RydWN0IG5vdGlmaWVyX2Jsb2NrIHhlbnN0b3JlX25v dGlmaWVyID0gewogCiBzdGF0aWMgdm9pZCBfX2luaXQgcmVzdHJpY3RfZHJp dmVyKHZvaWQpCiB7CisJaWYgKHVucmVzdHJpY3RlZCkgeworCQlpZiAoc2Vj dXJpdHlfbG9ja2VkX2Rvd24oTE9DS0RPV05fWEVOX1VTRVJfQUNUSU9OUykp CisJCQlwcl93YXJuKCJLZXJuZWwgaXMgbG9ja2VkIGRvd24sIHBhcmFtZXRl ciBcInVucmVzdHJpY3RlZFwiIGlnbm9yZWRcbiIpOworCQllbHNlCisJCQly ZXR1cm47CisJfQorCiAJcmVzdHJpY3Rfd2FpdCA9IHRydWU7CiAKIAlyZWdp c3Rlcl94ZW5zdG9yZV9ub3RpZmllcigmeGVuc3RvcmVfbm90aWZpZXIpOwpk aWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC9zZWN1cml0eS5oIGIvaW5jbHVk ZS9saW51eC9zZWN1cml0eS5oCmluZGV4IDgzYTY0NmQ3MmY2Zi4uZWU4OGRk MmQyZDFmIDEwMDY0NAotLS0gYS9pbmNsdWRlL2xpbnV4L3NlY3VyaXR5LmgK KysrIGIvaW5jbHVkZS9saW51eC9zZWN1cml0eS5oCkBAIC0xNDUsNiArMTQ1 LDcgQEAgZW51bSBsb2NrZG93bl9yZWFzb24gewogCUxPQ0tET1dOX0JQRl9X UklURV9VU0VSLAogCUxPQ0tET1dOX0RCR19XUklURV9LRVJORUwsCiAJTE9D S0RPV05fUlRBU19FUlJPUl9JTkpFQ1RJT04sCisJTE9DS0RPV05fWEVOX1VT RVJfQUNUSU9OUywKIAlMT0NLRE9XTl9JTlRFR1JJVFlfTUFYLAogCUxPQ0tE T1dOX0tDT1JFLAogCUxPQ0tET1dOX0tQUk9CRVMsCmRpZmYgLS1naXQgYS9z ZWN1cml0eS9zZWN1cml0eS5jIGIvc2VjdXJpdHkvc2VjdXJpdHkuYwppbmRl eCA2N2FmOTIyOGM0ZTkuLmEyNmMxNDc0ZTJlNCAxMDA2NDQKLS0tIGEvc2Vj dXJpdHkvc2VjdXJpdHkuYworKysgYi9zZWN1cml0eS9zZWN1cml0eS5jCkBA IC02MSw2ICs2MSw3IEBAIGNvbnN0IGNoYXIgKmNvbnN0IGxvY2tkb3duX3Jl YXNvbnNbTE9DS0RPV05fQ09ORklERU5USUFMSVRZX01BWCArIDFdID0gewog CVtMT0NLRE9XTl9CUEZfV1JJVEVfVVNFUl0gPSAidXNlIG9mIGJwZiB0byB3 cml0ZSB1c2VyIFJBTSIsCiAJW0xPQ0tET1dOX0RCR19XUklURV9LRVJORUxd ID0gInVzZSBvZiBrZ2RiL2tkYiB0byB3cml0ZSBrZXJuZWwgUkFNIiwKIAlb TE9DS0RPV05fUlRBU19FUlJPUl9JTkpFQ1RJT05dID0gIlJUQVMgZXJyb3Ig aW5qZWN0aW9uIiwKKwlbTE9DS0RPV05fWEVOX1VTRVJfQUNUSU9OU10gPSAi WGVuIGd1ZXN0IHVzZXIgYWN0aW9uIiwKIAlbTE9DS0RPV05fSU5URUdSSVRZ X01BWF0gPSAiaW50ZWdyaXR5IiwKIAlbTE9DS0RPV05fS0NPUkVdID0gIi9w cm9jL2tjb3JlIGFjY2VzcyIsCiAJW0xPQ0tET1dOX0tQUk9CRVNdID0gInVz ZSBvZiBrcHJvYmVzIiwKLS0gCjIuNTMuMAoK --=separator-- From xen-announce-bounces@lists.xenproject.org Tue Mar 24 12:41:50 2026 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 24 Mar 2026 12:41:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1260674.1553922 (Exim 4.92) (envelope-from ) id 1w514E-0008JE-Jy; Tue, 24 Mar 2026 12:41:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1260674.1553922; Tue, 24 Mar 2026 12:41:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w514E-0008J7-Gu; Tue, 24 Mar 2026 12:41:06 +0000 Received: by outflank-mailman (input) for mailman id 1260674; Tue, 24 Mar 2026 12:41:04 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w514C-0008It-Md; Tue, 24 Mar 2026 12:41:04 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1w514C-00Ccc7-2T; Tue, 24 Mar 2026 13:41:04 +0100 Received: from [10.42.69.10] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 69c2865e-bab6-0a2a0a5309dd-0a2a450ac9a4-16 for ; Tue, 24 Mar 2026 13:41:03 +0100 Received: from [104.130.215.37] (helo=mail.xenproject.org) by tlsNG-4011c0.mxtls.expurgate.net with ESMTPS (eXpurgate 4.55.2) (envelope-from ) id 69c281e8-1772-0a2a450a0019-6882d725a4bc-3 for ; Tue, 24 Mar 2026 13:22:01 +0100 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.96) (envelope-from ) id 1w50lg-007DvC-0W; Tue, 24 Mar 2026 12:21:55 +0000 Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.96) (envelope-from ) id 1w50lf-00ByI7-2u; Tue, 24 Mar 2026 12:21:55 +0000 X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" Authentication-Results: eu.smtp.expurgate.cloud; none Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.510 (Entity 5.510) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team CC: Xen.org security team Subject: Xen Security Advisory 482 v3 (CVE-2026-31788) - Linux privcmd driver can circumvent kernel lockdown Message-Id: Date: Tue, 24 Mar 2026 12:21:55 +0000 X-purgate-ID: tlsNG-4011c0/1774354921-BDC8C900-E6AC00F7/1/8689920845 X-purgate-type: clean X-purgate-size: 13951 --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Xen Security Advisory CVE-2026-31788 / XSA-482 version 3 Linux privcmd driver can circumvent kernel lockdown UPDATES IN VERSION 3 ==================== CVE assigned. ISSUE DESCRIPTION ================= The Linux kernel's privcmd driver can be abused to circumvent kernel lockdown (secure boot), e.g. by modifying page tables to enable user mode to modify kernel memory. IMPACT ====== An administrator of an unprivileged guest booted in secure mode is able to perform actions on the kernel which should not be possible in secure mode. VULNERABLE SYSTEMS ================== PV, PVH and HVM guests running Linux using secure boot are vulnerable. BSD based systems are believed not to be vulnerable due to a lack of secure boot support. MITIGATION ========== There is no known mitigation. CREDITS ======= This issue was discovered by Teddy Astie of Vates. RESOLUTION ========== Applying the set of attached patches resolves this issue. xsa482-linux-?.patch Linux $ sha256sum xsa482* a4e67d2c773e2e13252337e4b64c08b342c0eb2e0e92271a79dc588ac34e7c3a xsa482-linux-1.patch dd952c1fc49ceb47803b78e15cfe3f7f11a845b29c6b2a80afa7a9eaa60a00ec xsa482-linux-2.patch $ DEPLOYMENT DURING EMBARGO ========================= Deployment of patches or mitigations is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because the patches need to be applied to the guests. Deployment is permitted only AFTER the embargo ends. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html -----BEGIN PGP SIGNATURE----- iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmnCgb8MHHBncEB4ZW4u b3JnAAoJEIP+FMlX6CvZ+HQIALz+nyJm5t0ZSnPHwNDN/EVOrftrep1+m2f35QeG 9/PWglS7gb5FX7q7Ao5dPoNsN0vJhgeiqyuJlUuvOwvVNPF7mA/wl+YuzgCjMyTD rPS3E9lzaQRyfAR1UwvDRyUCYeiE2TNNWA/Y7LMOVB5dswrhO3P7jH5qvUJLTz3z fcWKsnunrK1AK1YepklI6ybRhyZY191xI10FX0eSRo1k5gh6KuT5FPqCdjUEBjFO 0BPi+L+Lj8mZW2kbQ5ctRnesneQqS8Kud/EP+xnTH1hy/YiQny0T2RC9s4/hpQMu Mav6EICE7kPvGtjgAYpjBQj+LHCyek3nRizd9gQ8tDaiYLQ= =CIF6 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa482-linux-1.patch" Content-Disposition: attachment; filename="xsa482-linux-1.patch" Content-Transfer-Encoding: base64 RnJvbSAyNjVmMjA1MmZjYjUyYjllMjZlMTQ2Nzg5MzU5ZjQ1MjJjZWVkZDFi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWVyZ2VuIEdyb3Nz IDxqZ3Jvc3NAc3VzZS5jb20+CkRhdGU6IFRodSwgOSBPY3QgMjAyNSAxNjo1 NDo1OCArMDIwMApTdWJqZWN0OiBbUEFUQ0ggdjMgMS8yXSB4ZW4vcHJpdmNt ZDogcmVzdHJpY3QgdXNhZ2UgaW4gdW5wcml2aWxlZ2VkIGRvbVUKClRoZSBY ZW4gcHJpdmNtZCBkcml2ZXIgYWxsb3dzIHRvIGlzc3VlIGFyYml0cmFyeSBo eXBlcmNhbGxzIGZyb20KdXNlciBzcGFjZSBwcm9jZXNzZXMuIFRoaXMgaXMg bm9ybWFsbHkgbm8gcHJvYmxlbSwgYXMgYWNjZXNzIGlzCnVzdWFsbHkgbGlt aXRlZCB0byByb290IGFuZCB0aGUgaHlwZXJ2aXNvciB3aWxsIGRlbnkgYW55 IGh5cGVyY2FsbHMKYWZmZWN0aW5nIG90aGVyIGRvbWFpbnMuCgpJbiBjYXNl IHRoZSBndWVzdCBpcyBib290ZWQgdXNpbmcgc2VjdXJlIGJvb3QsIGhvd2V2 ZXIsIHRoZSBwcml2Y21kCmRyaXZlciB3b3VsZCBiZSBlbmFibGluZyBhIHJv b3QgdXNlciBwcm9jZXNzIHRvIG1vZGlmeSBlLmcuIGtlcm5lbAptZW1vcnkg Y29udGVudHMsIHRodXMgYnJlYWtpbmcgdGhlIHNlY3VyZSBib290IGZlYXR1 cmUuCgpUaGUgb25seSBrbm93biBjYXNlIHdoZXJlIGFuIHVucHJpdmlsZWdl ZCBkb21VIGlzIHJlYWxseSBuZWVkaW5nIHRvCnVzZSB0aGUgcHJpdmNtZCBk cml2ZXIgaXMgdGhlIGNhc2Ugd2hlbiBpdCBpcyBhY3RpbmcgYXMgdGhlIGRl dmljZQptb2RlbCBmb3IgYW5vdGhlciBndWVzdC4gSW4gdGhpcyBjYXNlIGFs bCBoeXBlcmNhbGxzIGlzc3VlZCB2aWEgdGhlCnByaXZjbWQgZHJpdmVyIHdp bGwgdGFyZ2V0IHRoYXQgb3RoZXIgZ3Vlc3QuCgpGb3J0dW5hdGVseSB0aGUg cHJpdmNtZCBkcml2ZXIgY2FuIGFscmVhZHkgYmUgbG9ja2VkIGRvd24gdG8g YWxsb3cKb25seSBoeXBlcmNhbGxzIHRhcmdldGluZyBhIHNwZWNpZmljIGRv bWFpbiwgYnV0IHRoaXMgbW9kZSBjYW4gYmUKYWN0aXZhdGVkIGZyb20gdXNl ciBsYW5kIG9ubHkgdG9kYXkuCgpUaGUgdGFyZ2V0IGRvbWFpbiBjYW4gYmUg b2J0YWluZWQgZnJvbSBYZW5zdG9yZSwgc28gd2hlbiBub3QgcnVubmluZwpp biBkb20wIHJlc3RyaWN0IHRoZSBwcml2Y21kIGRyaXZlciB0byB0aGF0IHRh cmdldCBkb21haW4gZnJvbSB0aGUKYmVnaW5uaW5nLCByZXNvbHZpbmcgdGhl IHBvdGVudGlhbCBwcm9ibGVtIG9mIGJyZWFraW5nIHNlY3VyZSBib290LgoK VGhpcyBpcyBYU0EtNDgyIC8gQ1ZFID8/PwoKUmVwb3J0ZWQtYnk6IFRlZGR5 IEFzdGllIDx0ZWRkeS5hc3RpZUB2YXRlcy50ZWNoPgpGaXhlczogMWM1ZGUx OTM5YzIwICgieGVuOiBhZGQgcHJpdmNtZCBkcml2ZXIiKQpTaWduZWQtb2Zm LWJ5OiBKdWVyZ2VuIEdyb3NzIDxqZ3Jvc3NAc3VzZS5jb20+Ci0tLQogZHJp dmVycy94ZW4vcHJpdmNtZC5jIHwgNjAgKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKy0tLQogMSBmaWxlIGNoYW5nZWQsIDU3IGlu c2VydGlvbnMoKyksIDMgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZHJp dmVycy94ZW4vcHJpdmNtZC5jIGIvZHJpdmVycy94ZW4vcHJpdmNtZC5jCmlu ZGV4IDE3NTljYzE4NzUzZi4uYTgzYmFkNjlmNGYyIDEwMDY0NAotLS0gYS9k cml2ZXJzL3hlbi9wcml2Y21kLmMKKysrIGIvZHJpdmVycy94ZW4vcHJpdmNt ZC5jCkBAIC0xMiw2ICsxMiw3IEBACiAjaW5jbHVkZSA8bGludXgvZXZlbnRm ZC5oPgogI2luY2x1ZGUgPGxpbnV4L2ZpbGUuaD4KICNpbmNsdWRlIDxsaW51 eC9rZXJuZWwuaD4KKyNpbmNsdWRlIDxsaW51eC9rc3RydG94Lmg+CiAjaW5j bHVkZSA8bGludXgvbW9kdWxlLmg+CiAjaW5jbHVkZSA8bGludXgvbXV0ZXgu aD4KICNpbmNsdWRlIDxsaW51eC9wb2xsLmg+CkBAIC0zMCw3ICszMSw5IEBA CiAjaW5jbHVkZSA8bGludXgvc2VxX2ZpbGUuaD4KICNpbmNsdWRlIDxsaW51 eC9taXNjZGV2aWNlLmg+CiAjaW5jbHVkZSA8bGludXgvbW9kdWxlcGFyYW0u aD4KKyNpbmNsdWRlIDxsaW51eC9ub3RpZmllci5oPgogI2luY2x1ZGUgPGxp bnV4L3ZpcnRpb19tbWlvLmg+CisjaW5jbHVkZSA8bGludXgvd2FpdC5oPgog CiAjaW5jbHVkZSA8YXNtL3hlbi9oeXBlcnZpc29yLmg+CiAjaW5jbHVkZSA8 YXNtL3hlbi9oeXBlcmNhbGwuaD4KQEAgLTQ2LDYgKzQ5LDcgQEAKICNpbmNs dWRlIDx4ZW4vcGFnZS5oPgogI2luY2x1ZGUgPHhlbi94ZW4tb3BzLmg+CiAj aW5jbHVkZSA8eGVuL2JhbGxvb24uaD4KKyNpbmNsdWRlIDx4ZW4veGVuYnVz Lmg+CiAjaWZkZWYgQ09ORklHX1hFTl9BQ1BJCiAjaW5jbHVkZSA8eGVuL2Fj cGkuaD4KICNlbmRpZgpAQCAtNzIsNiArNzYsMTEgQEAgc3RydWN0IHByaXZj bWRfZGF0YSB7CiAJZG9taWRfdCBkb21pZDsKIH07CiAKKy8qIERPTUlEX0lO VkFMSUQgaW1wbGllcyBubyByZXN0cmljdGlvbiAqLworc3RhdGljIGRvbWlk X3QgdGFyZ2V0X2RvbWFpbiA9IERPTUlEX0lOVkFMSUQ7CitzdGF0aWMgYm9v bCByZXN0cmljdF93YWl0Oworc3RhdGljIERFQ0xBUkVfV0FJVF9RVUVVRV9I RUFEKHJlc3RyaWN0X3dhaXRfd3EpOworCiBzdGF0aWMgaW50IHByaXZjbWRf dm1hX3JhbmdlX2lzX21hcHBlZCgKICAgICAgICAgICAgICAgIHN0cnVjdCB2 bV9hcmVhX3N0cnVjdCAqdm1hLAogICAgICAgICAgICAgICAgdW5zaWduZWQg bG9uZyBhZGRyLApAQCAtMTU2MywxMyArMTU3MiwxNiBAQCBzdGF0aWMgbG9u ZyBwcml2Y21kX2lvY3RsKHN0cnVjdCBmaWxlICpmaWxlLAogCiBzdGF0aWMg aW50IHByaXZjbWRfb3BlbihzdHJ1Y3QgaW5vZGUgKmlubywgc3RydWN0IGZp bGUgKmZpbGUpCiB7Ci0Jc3RydWN0IHByaXZjbWRfZGF0YSAqZGF0YSA9IGt6 YWxsb2Nfb2JqKCpkYXRhKTsKKwlzdHJ1Y3QgcHJpdmNtZF9kYXRhICpkYXRh OworCisJaWYgKHdhaXRfZXZlbnRfaW50ZXJydXB0aWJsZShyZXN0cmljdF93 YWl0X3dxLCAhcmVzdHJpY3Rfd2FpdCkgPCAwKQorCQlyZXR1cm4gLUVJTlRS OwogCisJZGF0YSA9IGt6YWxsb2Nfb2JqKCpkYXRhKTsKIAlpZiAoIWRhdGEp CiAJCXJldHVybiAtRU5PTUVNOwogCi0JLyogRE9NSURfSU5WQUxJRCBpbXBs aWVzIG5vIHJlc3RyaWN0aW9uICovCi0JZGF0YS0+ZG9taWQgPSBET01JRF9J TlZBTElEOworCWRhdGEtPmRvbWlkID0gdGFyZ2V0X2RvbWFpbjsKIAogCWZp bGUtPnByaXZhdGVfZGF0YSA9IGRhdGE7CiAJcmV0dXJuIDA7CkBAIC0xNjYy LDYgKzE2NzQsNDUgQEAgc3RhdGljIHN0cnVjdCBtaXNjZGV2aWNlIHByaXZj bWRfZGV2ID0gewogCS5mb3BzID0gJnhlbl9wcml2Y21kX2ZvcHMsCiB9Owog CitzdGF0aWMgaW50IGluaXRfcmVzdHJpY3Qoc3RydWN0IG5vdGlmaWVyX2Js b2NrICpub3RpZmllciwKKwkJCSB1bnNpZ25lZCBsb25nIGV2ZW50LAorCQkJ IHZvaWQgKmRhdGEpCit7CisJY2hhciAqdGFyZ2V0OworCXVuc2lnbmVkIGlu dCBkb21pZDsKKworCS8qIERlZmF1bHQgdG8gYW4gZ3VhcmFudGVlZCB1bnVz ZWQgZG9tYWluLWlkLiAqLworCXRhcmdldF9kb21haW4gPSBET01JRF9JRExF OworCisJdGFyZ2V0ID0geGVuYnVzX3JlYWQoWEJUX05JTCwgInRhcmdldCIs ICIiLCBOVUxMKTsKKwlpZiAoSVNfRVJSKHRhcmdldCkgfHwga3N0cnRvdWlu dCh0YXJnZXQsIDEwLCAmZG9taWQpKSB7CisJCXByX2VycigiTm8gdGFyZ2V0 IGRvbWFpbiBmb3VuZCwgYmxvY2tpbmcgYWxsIGh5cGVyY2FsbHNcbiIpOwor CQlnb3RvIG91dDsKKwl9CisKKwl0YXJnZXRfZG9tYWluID0gZG9taWQ7CisK KyBvdXQ6CisJaWYgKCFJU19FUlIodGFyZ2V0KSkKKwkJa2ZyZWUodGFyZ2V0 KTsKKworCXJlc3RyaWN0X3dhaXQgPSBmYWxzZTsKKwl3YWtlX3VwX2FsbCgm cmVzdHJpY3Rfd2FpdF93cSk7CisKKwlyZXR1cm4gTk9USUZZX0RPTkU7Cit9 CisKK3N0YXRpYyBzdHJ1Y3Qgbm90aWZpZXJfYmxvY2sgeGVuc3RvcmVfbm90 aWZpZXIgPSB7CisJLm5vdGlmaWVyX2NhbGwgPSBpbml0X3Jlc3RyaWN0LAor fTsKKworc3RhdGljIHZvaWQgX19pbml0IHJlc3RyaWN0X2RyaXZlcih2b2lk KQoreworCXJlc3RyaWN0X3dhaXQgPSB0cnVlOworCisJcmVnaXN0ZXJfeGVu c3RvcmVfbm90aWZpZXIoJnhlbnN0b3JlX25vdGlmaWVyKTsKK30KKwogc3Rh dGljIGludCBfX2luaXQgcHJpdmNtZF9pbml0KHZvaWQpCiB7CiAJaW50IGVy cjsKQEAgLTE2NjksNiArMTcyMCw5IEBAIHN0YXRpYyBpbnQgX19pbml0IHBy aXZjbWRfaW5pdCh2b2lkKQogCWlmICgheGVuX2RvbWFpbigpKQogCQlyZXR1 cm4gLUVOT0RFVjsKIAorCWlmICgheGVuX2luaXRpYWxfZG9tYWluKCkpCisJ CXJlc3RyaWN0X2RyaXZlcigpOworCiAJZXJyID0gbWlzY19yZWdpc3Rlcigm cHJpdmNtZF9kZXYpOwogCWlmIChlcnIgIT0gMCkgewogCQlwcl9lcnIoIkNv dWxkIG5vdCByZWdpc3RlciBYZW4gcHJpdmNtZCBkZXZpY2VcbiIpOwotLSAK Mi41My4wCgo= --=separator Content-Type: application/octet-stream; name="xsa482-linux-2.patch" Content-Disposition: attachment; filename="xsa482-linux-2.patch" Content-Transfer-Encoding: base64 RnJvbSA2ZjY5MThmZTFkZDQ1OTBlMDBmZjk1OTAwODZmYWIwOGQ5Mjg0MDVi IE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKdWVyZ2VuIEdyb3Nz IDxqZ3Jvc3NAc3VzZS5jb20+CkRhdGU6IFR1ZSwgMTQgT2N0IDIwMjUgMTM6 Mjg6MTUgKzAyMDAKU3ViamVjdDogW1BBVENIIHYzIDIvMl0geGVuL3ByaXZj bWQ6IGFkZCBib290IGNvbnRyb2wgZm9yIHJlc3RyaWN0ZWQgdXNhZ2UgaW4K IGRvbVUKCldoZW4gcnVubmluZyBpbiBhbiB1bnByaXZpbGVnZWQgZG9tVSB1 bmRlciBYZW4sIHRoZSBwcml2Y21kIGRyaXZlcgppcyByZXN0cmljdGVkIHRv IGFsbG93IG9ubHkgaHlwZXJjYWxscyBhZ2FpbnN0IGEgdGFyZ2V0IGRvbWFp biwgZm9yCndoaWNoIHRoZSBjdXJyZW50IGRvbVUgaXMgYWN0aW5nIGFzIGEg ZGV2aWNlIG1vZGVsLgoKQWRkIGEgYm9vdCBwYXJhbWV0ZXIgInVucmVzdHJp Y3RlZCIgdG8gYWxsb3cgYWxsIGh5cGVyY2FsbHMgKHRoZQpoeXBlcnZpc29y IHdpbGwgc3RpbGwgcmVmdXNlIGRlc3RydWN0aXZlIGh5cGVyY2FsbHMgYWZm ZWN0aW5nIG90aGVyCmd1ZXN0cykuCgpNYWtlIHRoaXMgbmV3IHBhcmFtZXRl ciBlZmZlY3RpdmUgb25seSBpbiBjYXNlIHRoZSBkb21VIHdhc24ndCBzdGFy dGVkCnVzaW5nIHNlY3VyZSBib290LCBhcyBvdGhlcndpc2UgaHlwZXJjYWxs cyB0YXJnZXRpbmcgdGhlIGRvbVUgaXRzZWxmCm1pZ2h0IHJlc3VsdCBpbiB2 aW9sYXRpbmcgdGhlIHNlY3VyZSBib290IGZ1bmN0aW9uYWxpdHkuCgpUaGlz IGlzIGFjaGlldmVkIGJ5IGFkZGluZyBhbm90aGVyIGxvY2tkb3duIHJlYXNv biwgd2hpY2ggY2FuIGJlCnRlc3RlZCB0byBub3QgYmVpbmcgc2V0IHdoZW4g YXBwbHlpbmcgdGhlICJ1bnJlc3RyaWN0ZWQiIG9wdGlvbi4KClRoaXMgaXMg cGFydCBvZiBYU0EtNDgyIC8gQ1ZFLT8/PwoKU2lnbmVkLW9mZi1ieTogSnVl cmdlbiBHcm9zcyA8amdyb3NzQHN1c2UuY29tPgotLS0KIGRyaXZlcnMveGVu L3ByaXZjbWQuYyAgICB8IDEzICsrKysrKysrKysrKysKIGluY2x1ZGUvbGlu dXgvc2VjdXJpdHkuaCB8ICAxICsKIHNlY3VyaXR5L3NlY3VyaXR5LmMgICAg ICB8ICAxICsKIDMgZmlsZXMgY2hhbmdlZCwgMTUgaW5zZXJ0aW9ucygrKQoK ZGlmZiAtLWdpdCBhL2RyaXZlcnMveGVuL3ByaXZjbWQuYyBiL2RyaXZlcnMv eGVuL3ByaXZjbWQuYwppbmRleCBhODNiYWQ2OWY0ZjIuLmJiZjllZTIxMzA2 YyAxMDA2NDQKLS0tIGEvZHJpdmVycy94ZW4vcHJpdmNtZC5jCisrKyBiL2Ry aXZlcnMveGVuL3ByaXZjbWQuYwpAQCAtMzIsNiArMzIsNyBAQAogI2luY2x1 ZGUgPGxpbnV4L21pc2NkZXZpY2UuaD4KICNpbmNsdWRlIDxsaW51eC9tb2R1 bGVwYXJhbS5oPgogI2luY2x1ZGUgPGxpbnV4L25vdGlmaWVyLmg+CisjaW5j bHVkZSA8bGludXgvc2VjdXJpdHkuaD4KICNpbmNsdWRlIDxsaW51eC92aXJ0 aW9fbW1pby5oPgogI2luY2x1ZGUgPGxpbnV4L3dhaXQuaD4KIApAQCAtNzIs NiArNzMsMTEgQEAgbW9kdWxlX3BhcmFtX25hbWVkKGRtX29wX2J1Zl9tYXhf c2l6ZSwgcHJpdmNtZF9kbV9vcF9idWZfbWF4X3NpemUsIHVpbnQsCiBNT0RV TEVfUEFSTV9ERVNDKGRtX29wX2J1Zl9tYXhfc2l6ZSwKIAkJICJNYXhpbXVt IHNpemUgb2YgYSBkbV9vcCBoeXBlcmNhbGwgYnVmZmVyIik7CiAKK3N0YXRp YyBib29sIHVucmVzdHJpY3RlZDsKK21vZHVsZV9wYXJhbSh1bnJlc3RyaWN0 ZWQsIGJvb2wsIDApOworTU9EVUxFX1BBUk1fREVTQyh1bnJlc3RyaWN0ZWQs CisJIkRvbid0IHJlc3RyaWN0IGh5cGVyY2FsbHMgdG8gdGFyZ2V0IGRvbWFp biBpZiBydW5uaW5nIGluIGEgZG9tVSIpOworCiBzdHJ1Y3QgcHJpdmNtZF9k YXRhIHsKIAlkb21pZF90IGRvbWlkOwogfTsKQEAgLTE3MDgsNiArMTcxNCwx MyBAQCBzdGF0aWMgc3RydWN0IG5vdGlmaWVyX2Jsb2NrIHhlbnN0b3JlX25v dGlmaWVyID0gewogCiBzdGF0aWMgdm9pZCBfX2luaXQgcmVzdHJpY3RfZHJp dmVyKHZvaWQpCiB7CisJaWYgKHVucmVzdHJpY3RlZCkgeworCQlpZiAoc2Vj dXJpdHlfbG9ja2VkX2Rvd24oTE9DS0RPV05fWEVOX1VTRVJfQUNUSU9OUykp CisJCQlwcl93YXJuKCJLZXJuZWwgaXMgbG9ja2VkIGRvd24sIHBhcmFtZXRl ciBcInVucmVzdHJpY3RlZFwiIGlnbm9yZWRcbiIpOworCQllbHNlCisJCQly ZXR1cm47CisJfQorCiAJcmVzdHJpY3Rfd2FpdCA9IHRydWU7CiAKIAlyZWdp c3Rlcl94ZW5zdG9yZV9ub3RpZmllcigmeGVuc3RvcmVfbm90aWZpZXIpOwpk aWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC9zZWN1cml0eS5oIGIvaW5jbHVk ZS9saW51eC9zZWN1cml0eS5oCmluZGV4IDgzYTY0NmQ3MmY2Zi4uZWU4OGRk MmQyZDFmIDEwMDY0NAotLS0gYS9pbmNsdWRlL2xpbnV4L3NlY3VyaXR5LmgK KysrIGIvaW5jbHVkZS9saW51eC9zZWN1cml0eS5oCkBAIC0xNDUsNiArMTQ1 LDcgQEAgZW51bSBsb2NrZG93bl9yZWFzb24gewogCUxPQ0tET1dOX0JQRl9X UklURV9VU0VSLAogCUxPQ0tET1dOX0RCR19XUklURV9LRVJORUwsCiAJTE9D S0RPV05fUlRBU19FUlJPUl9JTkpFQ1RJT04sCisJTE9DS0RPV05fWEVOX1VT RVJfQUNUSU9OUywKIAlMT0NLRE9XTl9JTlRFR1JJVFlfTUFYLAogCUxPQ0tE T1dOX0tDT1JFLAogCUxPQ0tET1dOX0tQUk9CRVMsCmRpZmYgLS1naXQgYS9z ZWN1cml0eS9zZWN1cml0eS5jIGIvc2VjdXJpdHkvc2VjdXJpdHkuYwppbmRl eCA2N2FmOTIyOGM0ZTkuLmEyNmMxNDc0ZTJlNCAxMDA2NDQKLS0tIGEvc2Vj dXJpdHkvc2VjdXJpdHkuYworKysgYi9zZWN1cml0eS9zZWN1cml0eS5jCkBA IC02MSw2ICs2MSw3IEBAIGNvbnN0IGNoYXIgKmNvbnN0IGxvY2tkb3duX3Jl YXNvbnNbTE9DS0RPV05fQ09ORklERU5USUFMSVRZX01BWCArIDFdID0gewog CVtMT0NLRE9XTl9CUEZfV1JJVEVfVVNFUl0gPSAidXNlIG9mIGJwZiB0byB3 cml0ZSB1c2VyIFJBTSIsCiAJW0xPQ0tET1dOX0RCR19XUklURV9LRVJORUxd ID0gInVzZSBvZiBrZ2RiL2tkYiB0byB3cml0ZSBrZXJuZWwgUkFNIiwKIAlb TE9DS0RPV05fUlRBU19FUlJPUl9JTkpFQ1RJT05dID0gIlJUQVMgZXJyb3Ig aW5qZWN0aW9uIiwKKwlbTE9DS0RPV05fWEVOX1VTRVJfQUNUSU9OU10gPSAi WGVuIGd1ZXN0IHVzZXIgYWN0aW9uIiwKIAlbTE9DS0RPV05fSU5URUdSSVRZ X01BWF0gPSAiaW50ZWdyaXR5IiwKIAlbTE9DS0RPV05fS0NPUkVdID0gIi9w cm9jL2tjb3JlIGFjY2VzcyIsCiAJW0xPQ0tET1dOX0tQUk9CRVNdID0gInVz ZSBvZiBrcHJvYmVzIiwKLS0gCjIuNTMuMAoK --=separator-- From xen-announce-bounces@lists.xenproject.org Thu Mar 26 15:35:44 2026 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Mar 2026 15:35:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1264333.1555954 (Exim 4.92) (envelope-from ) id 1w5mjs-0006an-Gh; Thu, 26 Mar 2026 15:35:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1264333.1555954; Thu, 26 Mar 2026 15:35:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w5mjs-0006aD-CX; Thu, 26 Mar 2026 15:35:16 +0000 Received: by outflank-mailman (input) for mailman id 1264333; Thu, 26 Mar 2026 15:34:42 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w5mjK-00063z-KN for xen-announce@lists.xenproject.org; Thu, 26 Mar 2026 15:34:42 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1w5mjI-00H0oO-Ed for xen-announce@lists.xenproject.org; Thu, 26 Mar 2026 16:34:42 +0100 Received: from [10.42.69.6] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 69c5520c-bab6-0a2a0a5309dd-0a2a4506845a-48 for ; Thu, 26 Mar 2026 16:34:41 +0100 Received: from [209.85.128.50] (helo=mail-wm1-f50.google.com) by tlsNG-16d1c6.mxtls.expurgate.net with ESMTPS (eXpurgate 4.55.2) (envelope-from ) id 69c55211-3034-0a2a45060019-d1558032a4ed-3 for ; Thu, 26 Mar 2026 16:34:41 +0100 Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-48538c5956bso10155775e9.0 for ; Thu, 26 Mar 2026 08:34:41 -0700 (PDT) Received: from [10.156.60.236] (ip-037-024-206-209.um08.pools.vodafone-ip.de. [37.24.206.209]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4871fbca47dsm31284155e9.1.2026.03.26.08.34.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 26 Mar 2026 08:34:40 -0700 (PDT) X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:Autocrypt:Content-Language:Cc:To:Subject:From:User-Agent:MIME-Version:Date:Message-ID" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1774539281; x=1775144081; darn=lists.xenproject.org; h=content-transfer-encoding:autocrypt:content-language:cc:to:subject :from:user-agent:mime-version:date:message-id:from:to:cc:subject :date:message-id:reply-to; bh=SxePKm9MA9Ww0nfWWjfwiW1VHF/AI1OJVgyRpuDvdvE=; b=aystEFJvKBBCD0rnYI5XydbF0SyB4gOcLFcgOLaDCG2pDQBzxRp/sAh8NvlM8AXe0U dbCD5E29AhEMU7riKj/4qaaWXC4cOqC6NY7HILj1f4CgykS+pyY6D60vmqCTI2YBKmfz dUR/BTv0puncW4CFiGxiwaHKrpmYRQXNA7H9ORTgAd1GFUxFYi5oYqUsfrqKCY3EdCru QViQo01APY9BmicvSlUqfYaaAgxJUY3kVQgLGfVglHJsydXNjrws+nQ1xmoF3yp6GF+s 2CNndyUXf1fWvOnDZ75MBt1jdXgwWMjpyGbqpXoGDZs9DKwMQMRVNwl9L3u/C7rvZVDK AbYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774539281; x=1775144081; h=content-transfer-encoding:autocrypt:content-language:cc:to:subject :from:user-agent:mime-version:date:message-id:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SxePKm9MA9Ww0nfWWjfwiW1VHF/AI1OJVgyRpuDvdvE=; b=htlcQO/O4nph9fBTISCPrqVx4RxvqcaTCgQBkCZxqD7YsPqvVScOMerrfqxwTwh7Rp Zp4FalTLa2WzDRevKD4871h5ATE+p9lPWAGPzCPqD1Nzef452J3QFsN09leUyfHwXFPC OtLcQwzNzgeytrK0PjE1cxPGeOssqI4mVQYx2vkO9gYybJnzyHbpmuSzTfVf+BJzzLnO S81VQG5MXAZ19vFoLckHFljZy4cr6ydkLBB+/D6uJcJRUEaqnCcGCvjsbLYBdwVm/2Vi iddKBvl6Sj4wqAWpaUBEbmaLvESvzS9vaFDjiz3BfIH4wxi6tV0R6AmQm5fjsaJ5yDZB tu+Q== X-Gm-Message-State: AOJu0YwUm+5nfJsiu0ZrPUVmMUyOtybtXslLpXRmNBX1HKFPqkTMoPkl KPc2SpUi8pgO/Wu/SjkqnjNUeaW2CzyD2W+hjkrvIEBS4SHsGi3bjjFYL9+flVw/0KCFCeboRR1 8kOPYDA== X-Gm-Gg: ATEYQzwZjcQcdJPSwYznV4O3TtgoLFCRYtoE1Lsw3Iq9mzR8vnxRrOJ8Gtm08QDN3qM XWI9IoWP8FvLEiEpC2i8A2XUdkUAVi1E2EyBizgFHRsic+FxVh76qqnSAhmKfUOpEl9IQpvoPQ0 g1LLfLgJ0vjs5K9oYS7LZephdzYc4nboljJgVMQfJ6cb016BIcrwXAF+SwrtIToZM8nFZ9qOqta wfsgqCdDPjImKpoKA9ouoBR6/54kQbUo9tyj3GUIlGzq6om4X4Pn+QVl5Oa5CrJTf56kbUSHB24 jXHbhD/Jh2cvORxj2YTFb6xvw8oRA6cIkVxzrFm5whZzmCdfmJ7xo//TO9jvGzomBpvoarCgNXy yf0f/dLVns4jW9pdnn7x48+wOS4i7anJcyK5eLfrc9caDyFu9HfUPbhNC47Bud0bx3DAnap6AAO B7ZlYYIngu/9fSwmKsC4Lwa1bc7d6F1N8/HafzRnKTtjYxFr7Vo5f4RC6GHI44r5NfN/UqIDLo0 CEFW6VujpX42f0= X-Received: by 2002:a05:600c:3ba1:b0:46e:59bd:f7e2 with SMTP id 5b1f17b1804b1-48722bdfeebmr35611965e9.11.1774539281284; Thu, 26 Mar 2026 08:34:41 -0700 (PDT) Message-ID: Date: Thu, 26 Mar 2026 16:34:39 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Jan Beulich Subject: Xen 4.20.3 released To: xen-announce@lists.xenproject.org Cc: "xen-devel@lists.xenproject.org" Content-Language: en-US Autocrypt: addr=jbeulich@suse.com; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-purgate-ID: tlsNG-16d1c6/1774539281-78D851C2-FE98ED17/0/0 X-purgate-type: clean X-purgate-size: 425 All, we're pleased to announce the release of another bug fixing Xen version. Xen 4.20.3 is available from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.20 (tag RELEASE-4.20.3) or from the XenProject download page https://xenproject.org/resources/downloads/. We recommend all users of the 4.20 stable series to update to this latest point release. Regards, Jan From xen-announce-bounces@lists.xenproject.org Thu Mar 26 15:35:47 2026 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 26 Mar 2026 15:35:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.1264323.1555948 (Exim 4.92) (envelope-from ) id 1w5mjs-0006Wz-7g; Thu, 26 Mar 2026 15:35:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1264323.1555948; Thu, 26 Mar 2026 15:35:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w5mjs-0006Ws-4a; Thu, 26 Mar 2026 15:35:16 +0000 Received: by outflank-mailman (input) for mailman id 1264323; Thu, 26 Mar 2026 15:33:42 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1w5miM-0005Yz-Rd for xen-announce@lists.xenproject.org; Thu, 26 Mar 2026 15:33:42 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1w5miM-009Sm7-7Z for xen-announce@lists.xenproject.org; Thu, 26 Mar 2026 16:33:42 +0100 Received: from [10.42.69.9] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 69c551cb-bab6-0a2a0a5309dd-0a2a450995de-32 for ; Thu, 26 Mar 2026 16:33:42 +0100 Received: from [209.85.128.49] (helo=mail-wm1-f49.google.com) by tlsNG-bad1c0.mxtls.expurgate.net with ESMTPS (eXpurgate 4.55.2) (envelope-from ) id 69c551d5-e484-0a2a45090019-d1558031c0eb-3 for ; Thu, 26 Mar 2026 16:33:42 +0100 Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-486ff3a0fc1so11263295e9.2 for ; Thu, 26 Mar 2026 08:33:41 -0700 (PDT) Received: from [10.156.60.236] (ip-037-024-206-209.um08.pools.vodafone-ip.de. [37.24.206.209]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48722c7cec3sm34609535e9.6.2026.03.26.08.33.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 26 Mar 2026 08:33:41 -0700 (PDT) X-BeenThere: xen-announce@lists.xenproject.org List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-announce-bounces@lists.xenproject.org Precedence: list Sender: "Xen-announce" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:Autocrypt:Content-Language:Cc:To:Subject:From:User-Agent:MIME-Version:Date:Message-ID" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1774539221; x=1775144021; darn=lists.xenproject.org; h=content-transfer-encoding:autocrypt:content-language:cc:to:subject :from:user-agent:mime-version:date:message-id:from:to:cc:subject :date:message-id:reply-to; bh=yxhh10+xfSURNBMCt1w28m6g5PjG/+lhGkZlOGF6vg0=; b=b0lj4je1BFTPajxjaKAUU1v4Cp98D3nqZPgkSncYudA+WyDm4RDHi1T3qdOwimrwnr LQDRaQqIWbS89Bq6+XLEpYw1mk1XEY2W6Sj4IX6HKN77sGYn2GGxHtGrjTLBHtJ2rior VJpfNIZ1tqtdk+wGsJCYv5bZr3/dtH4BJlats35XqnNT6AIzCyFoR12heBQLo0iIMHjh UiFpNf8/N3WjjDYqZEGixD+GcfVgiZUIuJs6Kuu3d9l8YGeGIlfNqWtgXQpbyFjGGgug hyHWm2i/wkqWbyPeKij+zW5APFsHdHe5nX1pwgLSJyMRGm+SrZeOt+6ugjUTuFSOuPhH eUxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774539221; x=1775144021; h=content-transfer-encoding:autocrypt:content-language:cc:to:subject :from:user-agent:mime-version:date:message-id:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yxhh10+xfSURNBMCt1w28m6g5PjG/+lhGkZlOGF6vg0=; b=EPmcmpKs1YOJztvFQw0qKL302w4xOjC4X3PHGHm/vJlXi8mq9SE3f2U1ppTqUefU4W 2vQz+R0yoNCJxNPnoUTK2qWbAfH++ausImhuOhKw7OIsl8FFa6MJedJ+SmF0iqXNzKNJ RfAdGPb45C/KWOxoQ2g1fM2lJFdTUbOeKNLLdjZJOmk/Il8kVVUdTDfo70EFdKoe/mZ1 Da5S+eXM76yA95exjqoIoQk2lFdvvVqTr6ioZu63j8l/vYfBaOFdgPhBfCgfgWdDeP5S 9Xg5jS1K2UhQPZ+0vFx4qMIHvUbfRiPIMyjr3fBXHg2GdeEescHD6e4JdTUZvdLULjgP Df9Q== X-Gm-Message-State: AOJu0YyneZ7bCwt+BgLl6wfPNVBjeTXT7qmk6C+QE2CF863CLlhSHzdF YRqFfHlopgBbSWXXd/4j5C6E5tmm0FlN1qhWTVrK0EQTNMs2PVv31FyWpiIsyGdIVPztGD7o1lU R21gd0A== X-Gm-Gg: ATEYQzy8Vu5wwacdUYSYR/vVQKqtixcLxb9P+LOtCJHNWf8KaN9RA2mJKEYNOy9Oj8m PWoL+PY//T+RLOBstR7Fab49cwSchl2UI5taNZmKGKHDHySQzwwtrvf1yBlBPS2CDWgPvdkWEpR Ruos4OU0oD4YvGMatQ4pnb8aF5/An7R0jKxorF/8cw2t0JOA4AIDaEGGhz+sVew5IWKdLvk9bR9 MxDF+AiCS2XvlH3+VZasUIS2+ujzPsA7m/caDwTylkdntY2qoX/xae6yEEKfmBOjZtbWHADblTI NuwILp0Vrja/LYZPMOgZvlVRYEVT1tOeAVjroYSPPFPRp1jVJFCfqsT29xpXY1l5YbmmR0Mfy/0 SA/Whda9bHxkGJEO5wSe47UkccSTlTXlCrgIYBIDhazQPsTKGr3qM1BJCFo/U0e9Zm7iJKuuz16 y0ICnoxVMzu4IyNad8ZkS1n+cReTQew+A4glYTCqEbXlDuvsrCPzBAEyNGQESLCfGkBeIWV+YBU f0vEWorEiw4urE= X-Received: by 2002:a05:600c:4447:b0:485:17a7:b9c7 with SMTP id 5b1f17b1804b1-48715fd4d49mr115156695e9.10.1774539221341; Thu, 26 Mar 2026 08:33:41 -0700 (PDT) Message-ID: Date: Thu, 26 Mar 2026 16:33:40 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Jan Beulich Subject: Xen 4.19.5 released To: xen-announce@lists.xenproject.org Cc: "xen-devel@lists.xenproject.org" Content-Language: en-US Autocrypt: addr=jbeulich@suse.com; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-purgate-ID: tlsNG-bad1c0/1774539222-610B9A73-745978FA/0/0 X-purgate-type: clean X-purgate-size: 544 All, we're pleased to announce the release of another bug fixing Xen version. Xen 4.19.5 is available from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.19 (tag RELEASE-4.19.5) or from the XenProject download page https://xenproject.org/resources/downloads/ (after entering 4.19 in the search box there). We recommend all users of the 4.19 stable series to update to this latest point release. Note that the branch is now switching into security-only support mode. Regards, Jan