From xen-users-bounces@lists.xenproject.org Sun Mar 15 20:44:43 2026
X-BeenThere: xen-users@lists.xenproject.org
List-Id: Xen user discussion <xen-users.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-users@lists.xenproject.org>
List-Help: <mailto:xen-users-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-users-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-users" <xen-users-bounces@lists.xenproject.org>
MIME-Version: 1.0
From: Aananth C N <c.n.aananth@gmail.com>
Date: Sun, 15 Mar 2026 12:15:03 +0530
Message-ID: <CAFuHdY0AUZK6WtUYCrEzkoV-POVg=7cSDSqTot-n1njbHudqkA@mail.gmail.com>
Subject: RPi5 dom0less: instability when preloading Android trout DomU
 alongside Zephyr + Linux DomD
To: xen-users@lists.xenproject.org
Content-Type: multipart/alternative; boundary="000000000000c61b43064d0a7152"

--000000000000c61b43064d0a7152
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Dear Xen-Troops Team,

I am working on a Xen dom0less setup on Raspberry Pi 5 (ARM64) with the
following intended layout:

   - Xen hypervisor
   - Zephyr as Dom0
   - Linux (Yocto-based) as DomD
   - Android (trout image) as an additional DomU


My goal is to preload the Android kernel + ramdisk as multiboot modules via
U-Boot and have Xen instantiate it as a secondary DomU alongside the
existing dom0less guests.

However, I am observing fragile and non-deterministic behaviour, mainly
affecting Linux DomD stability. Depending on the RAM addresses used for
preloading Android images, I see:

   - DomD failing to boot or console becoming non-responsive
   - Xen warnings (vGIC / SMC-HVC related)
   - In some cases, U-Boot synchronous abort before Xen hand-off


Example preload address ranges tested:

   - 0x18000000 / 0x1A800000 / 0x1B000000 → DomD unstable / fails
   - ~0x68000000 → occasionally works but not reliable
   - ~0x70000000 → U-Boot abort observed

Xen logs show DomD static banks such as:

   - 0x50000000 – 0x68000000
   - 0x20000000 – 0x28000000


Even when placing Android images outside these ranges, DomD behaviour
becomes unstable.

Could you advise on:

   1. Recommended approach for hosting a full Android kernel guest alongside
      Zephyr + Linux dom0less guests on ARM / RPi5
   2. Safe multiboot module placement expectations for dom0less
   3. Any known limitations related to BCM2712 / RP1 memory topology

I can share full logs, DT snippets, and boot scripts if helpful.

Best regards,
Aananth

--000000000000c61b43064d0a7152--


From xen-users-bounces@lists.xenproject.org Tue Mar 17 12:06:07 2026
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.510 (Entity 5.510)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 481 v2 (CVE-2026-23555) - Xenstored DoS by
 unprivileged domain
Message-Id: <E1w2TAa-00DbYI-1T@xenbits.xenproject.org>
Date: Tue, 17 Mar 2026 12:05:08 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2026-23555 / XSA-481
                               version 2

                 Xenstored DoS by unprivileged domain

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

Any guest issuing a Xenstore command accessing a node using the
(illegal) node path "/local/domain/", will crash xenstored due to a
clobbered error indicator in xenstored when verifying the node path.

Note that the crash is forced via a failing assert() statement in
xenstored. In case xenstored is being built with NDEBUG #defined,
an unprivileged guest trying to access the node path "/local/domain/"
will result in it no longer being serviced by xenstored, other guests
(including dom0) will still be serviced, but xenstored will use up
all cpu time it can get.

IMPACT
======

Any unprivileged domain can cause xenstored to crash, causing a
DoS (denial of service) for any Xenstore action. This will result
in an inability to perform further domain administration on the host.

In case xenstored has been built with NDEBUG defined, an unprivileged
domain can force xenstored to be 100% busy, but without harming
xenstored functionality for other guests otherwise.

VULNERABLE SYSTEMS
==================

All Xen systems from Xen 4.18 onwards are vulnerable. Systems up to
Xen 4.17 are not vulnerable.

Systems using the C variant of xenstored are vulnerable. Systems using
xenstore-stubdom or the OCaml variant of Xenstore (oxenstored) are not
vulnerable.

MITIGATION
==========

There is no known mitigation available.

CREDITS
=======

This issue was discovered by Marek Marczykowski-Górecki of
Invisible Things Lab.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa481.patch         xen-unstable - Xen 4.18.x

$ sha256sum xsa481*
148147e4545a4670578c0f24aa136f67bc203c7b18ec980b8cc80cfbb04ace68  xsa481.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patch described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

Switching xenstored with oxenstored or xenstore-stubdom is not permitted
as a mitigation, as this is a guest visible change of the configuration.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa481.patch"
Content-Disposition: attachment; filename="xsa481.patch"
Content-Transfer-Encoding: base64
--=separator--


From xen-users-bounces@lists.xenproject.org Tue Mar 17 12:06:07 2026
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.510 (Entity 5.510)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 480 v3 (CVE-2026-23554) - Use after free of
 paging structures in EPT
Message-Id: <E1w2TAW-00DbXG-0N@xenbits.xenproject.org>
Date: Tue, 17 Mar 2026 12:05:04 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2026-23554 / XSA-480
                               version 3

              Use after free of paging structures in EPT

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The Intel EPT paging code uses an optimization to defer flushing of any cached
EPT state until the p2m lock is dropped, so that multiple modifications done
under the same locked region only issue a single flush.

Freeing of paging structures however is not deferred until the flushing is
done, and can result in freed pages transiently being present in cached state.
Such stale entries can point to memory ranges not owned by the guest, thus
allowing access to unintended memory regions.

IMPACT
======

Privilege escalation, Denial of Service (DoS) affecting the entire host,
and information leaks.

VULNERABLE SYSTEMS
==================

Xen 4.17 and onwards are vulnerable.  Xen 4.16 and older are not vulnerable.

Only x86 Intel systems with EPT support are vulnerable.

Only x86 HVM/PVH guests using HAP can leverage the vulnerability on affected
systems.

MITIGATION
==========

There are no mitigations.

CREDITS
=======

This issue was discovered by Roger Pau Monné of XenServer.

RESOLUTION
==========

Applying the attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa480.patch           xen-unstable - Xen 4.17.x

$ sha256sum xsa480*
578f8fec3f34656e085419f6376d43987ffd6ed32e067b4024d3c83ce03a5901  xsa480.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa480.patch"
Content-Disposition: attachment; filename="xsa480.patch"
Content-Transfer-Encoding: base64
--=separator--
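
Added example (not part of the advisories or of any Xen Project tooling): each advisory in this archive lists the expected `sha256sum` output for its attached patches, so the attachments can be checked against that listing before they are applied. The function names, the constructed sample file `xsa000.patch` and its hash are assumptions of this example; verify the advisory's PGP signature first, since the listing is only as trustworthy as the text that carries it.

```shell
#!/bin/sh
# Verify XSA patch attachments against the "$ sha256sum xsaNNN*" listing that
# the advisory text embeds. Added example; all names here are hypothetical.

# Print the "<sha256>  <file>" lines found between "$ sha256sum ..." and the
# closing "$" prompt line. Any other non-empty line inside the listing (for
# example a file name containing "/" or "..") makes the function fail, so a
# malformed listing is rejected instead of being partly trusted.
xsa_checksums() {
    awk '
        BEGIN { bad = 0 }
        /^\$ sha256sum /                { in_block = 1; next }
        in_block && /^\$[ \t]*$/        { in_block = 0; next }
        in_block && NF == 2 && length($1) == 64 &&
            $1 ~ /^[0-9a-f]+$/ && $2 ~ /^[A-Za-z0-9._-]+$/ { print; next }
        in_block && NF {
            print "unexpected line in listing: " $0 > "/dev/stderr"
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# xsa_verify ADVISORY DIR
# Returns 0 only if the advisory lists at least one file and every listed
# file exists in DIR with a matching SHA-256. Returns 2 when the listing is
# missing or malformed, and the sha256sum status when a file is missing or
# does not match.
xsa_verify() {
    advisory=$1 dir=$2
    list=$(xsa_checksums "$advisory") || {
        echo "malformed checksum listing in $advisory" >&2
        return 2
    }
    [ -n "$list" ] || {
        echo "no checksum listing in $advisory" >&2
        return 2
    }
    ( cd "$dir" && printf '%s\n' "$list" | sha256sum -c )
}

# Write a constructed advisory excerpt and a matching file into directory $1.
# Sample data for this example only: not a real XSA patch or a real hash.
xsa_make_sample() {
    printf 'constructed patch body\n' > "$1/xsa000.patch"
    {
        printf 'RESOLUTION\n==========\n\n'
        printf 'xsa000.patch         xen-unstable\n\n'
        printf '$ sha256sum xsa000*\n'
        ( cd "$1" && sha256sum xsa000.patch )
        printf '$\n\nDEPLOYMENT DURING EMBARGO\n'
    } > "$1/advisory.txt"
}

# Command-line use: sh xsa-verify.sh advisory.txt /path/to/saved/attachments
if [ "$#" -eq 2 ]; then
    xsa_verify "$1" "$2"
fi
```

A non-zero exit status means the attachments should not be applied: either the listing could not be parsed, a listed file is absent, or a file differs from what the advisory names.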


From xen-users-bounces@lists.xenproject.org Tue Mar 24 12:06:41 2026
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.510 (Entity 5.510)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 482 v2 - Linux privcmd driver can
 circumvent kernel lockdown
Message-Id: <E1w50W0-00Bwo0-1i@xenbits.xenproject.org>
Date: Tue, 24 Mar 2026 12:05:44 +0000

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-482
                              version 2

          Linux privcmd driver can circumvent kernel lockdown

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The Linux kernel's privcmd driver can be abused to circumvent kernel
lockdown (secure boot), e.g. by modifying page tables to enable user
mode to modify kernel memory.

The CNA covering Linux has refused to assign a CVE at this juncture.

IMPACT
======

An administrator of an unprivileged guest booted in secure mode is able
to perform actions on the kernel which should not be possible in secure
mode.

VULNERABLE SYSTEMS
==================

PV, PVH and HVM guests running Linux using secure boot are vulnerable.

BSD based systems are believed not to be vulnerable due to a lack of
secure boot support.

MITIGATION
==========

There is no known mitigation.

CREDITS
=======

This issue was discovered by Teddy Astie of Vates.

RESOLUTION
==========

Applying the set of attached patches resolves this issue.

xsa482-linux-?.patch           Linux

$ sha256sum xsa482*
a4e67d2c773e2e13252337e4b64c08b342c0eb2e0e92271a79dc588ac34e7c3a  xsa482-linux-1.patch
dd952c1fc49ceb47803b78e15cfe3f7f11a845b29c6b2a80afa7a9eaa60a00ec  xsa482-linux-2.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except where
all the affected systems and VMs are administered and used only by
organisations which are members of the Xen Project Security Issues
Predisclosure List).  Specifically, deployment on public cloud systems
is NOT permitted.

This is because the patches need to be applied to the guests.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa482-linux-1.patch"
Content-Disposition: attachment; filename="xsa482-linux-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa482-linux-2.patch"
Content-Disposition: attachment; filename="xsa482-linux-2.patch"
Content-Transfer-Encoding: base64

--=separator--


From xen-users-bounces@lists.xenproject.org Tue Mar 24 12:18:10 2026
Return-path: <xen-users-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 24 Mar 2026 12:18:10 +0000
Received: from list by lists.xenproject.org with outflank-mailman.1260505.1553809 (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w50he-0006I2-0a; Tue, 24 Mar 2026 12:17:46 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 1260505.1553809; Tue, 24 Mar 2026 12:17:45 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w50hd-0006H5-U2; Tue, 24 Mar 2026 12:17:45 +0000
Received: by outflank-mailman (input) for mailman id 1260505;
 Tue, 24 Mar 2026 12:17:44 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <andrew.cooper@citrix.com>)
 id 1w50hc-0006Ak-1I; Tue, 24 Mar 2026 12:17:44 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp
 id 1w50hZ-008qFY-O6; Tue, 24 Mar 2026 13:17:43 +0100
Received: from [10.42.69.4] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <andrew.cooper@citrix.com>)
 id 69c280e0-2eae-0a2a0a5409dd-0a2a4504e370-18
 for <multiple-recipients>; Tue, 24 Mar 2026 13:17:43 +0100
Received: from [40.107.200.22]
 (helo=CH5PR02CU005.outbound.protection.outlook.com)
 by tlsNG-ebf023.mxtls.expurgate.net with ESMTPS (eXpurgate 4.55.2)
 (envelope-from <andrew.cooper@citrix.com>)
 id 69c280e5-c823-0a2a45040019-286bc8164016-3
 for <multiple-recipients>; Tue, 24 Mar 2026 13:17:42 +0100
Received: from CH8PR03MB8275.namprd03.prod.outlook.com (2603:10b6:610:2b9::7)
 by BY1PR03MB7876.namprd03.prod.outlook.com (2603:10b6:a03:5b7::8)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.31; Tue, 24 Mar
 2026 12:17:11 +0000
Received: from CH8PR03MB8275.namprd03.prod.outlook.com
 ([fe80::a70d:dc32:bba8:ce37]) by CH8PR03MB8275.namprd03.prod.outlook.com
 ([fe80::a70d:dc32:bba8:ce37%6]) with mapi id 15.20.9723.030; Tue, 24 Mar 2026
 12:17:28 +0000
X-BeenThere: xen-users@lists.xenproject.org
List-Id: Xen user discussion <xen-users.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-users@lists.xenproject.org>
List-Help: <mailto:xen-users-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-users-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-users" <xen-users-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com;
 dkim=pass header.d=citrix.com; arc=none
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=citrix.com;
Message-ID: <e07ab218-c15c-4844-9594-dd456860f83d@citrix.com>
Date: Tue, 24 Mar 2026 12:17:34 +0000
User-Agent: Mozilla Thunderbird
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, xen-announce@lists.xen.org,
 xen-devel@lists.xen.org, xen-users@lists.xen.org,
 "Xen.org security team" <security-team-members@xen.org>
Subject: Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd
 driver can circumvent kernel lockdown
To: Greg KH <greg@kroah.com>, oss-security@lists.openwall.com
References: <E1w50W0-00Bwo0-1i@xenbits.xenproject.org>
 <2026032453-departed-thrash-f153@gregkh>
Content-Language: en-GB
From: Andrew Cooper <andrew.cooper3@citrix.com>
In-Reply-To: <2026032453-departed-thrash-f153@gregkh>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-ClientProxiedBy: LO0P123CA0013.GBRP123.PROD.OUTLOOK.COM
 (2603:10a6:600:354::6) To CH8PR03MB8275.namprd03.prod.outlook.com
 (2603:10b6:610:2b9::7)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CH8PR03MB8275:EE_|BY1PR03MB7876:EE_
X-MS-Office365-Filtering-Correlation-Id: add4df25-f564-4f2e-8303-08de899f50cc
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-OriginatorOrg: citrix.com
X-MS-Exchange-CrossTenant-Network-Message-Id: add4df25-f564-4f2e-8303-08de899f50cc
X-MS-Exchange-CrossTenant-AuthSource: CH8PR03MB8275.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Mar 2026 12:17:28.2983
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: SXubtVYsvU7CI6DzzV8RSsHRFeyHAyQvt8AGGVXifLgQchY3GPU6cpxipK3Jy1fP8g8/Eird+lo9tU4941MacBg0zqBk9ha6HuQ7utm71zo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR03MB7876
X-purgate-ID: tlsNG-ebf023/1774354663-124769D1-F2F3666C/0/0
X-purgate-type: clean
X-purgate-size: 822

On 24/03/2026 12:16 pm, Greg KH wrote:
> On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>>                     Xen Security Advisory XSA-482
>>                               version 2
>>
>>           Linux privcmd driver can circumvent kernel lockdown
>>
>> UPDATES IN VERSION 2
>> ====================
>>
>> Public release.
>>
>> ISSUE DESCRIPTION
>> =================
>>
>> The Linux kernel's privcmd driver can be abused to circumvent kernel
>> lockdown (secure boot), e.g. by modifying page tables to enable user
>> mode to modify kernel memory.
>>
>> The CNA covering Linux has refused to assign a CVE at this juncture.
> This is now assigned to CVE-2026-31788

Thank you.  I'll send out an update.

~Andrew


From xen-users-bounces@lists.xenproject.org Tue Mar 24 12:41:33 2026
Return-path: <xen-users-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 24 Mar 2026 12:41:33 +0000
Received: from list by lists.xenproject.org with outflank-mailman.1260676.1553935 (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w514F-0008Sf-6v; Tue, 24 Mar 2026 12:41:07 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 1260676.1553935; Tue, 24 Mar 2026 12:41:07 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w514E-0008Ow-Tw; Tue, 24 Mar 2026 12:41:06 +0000
Received: by outflank-mailman (input) for mailman id 1260676;
 Tue, 24 Mar 2026 12:41:05 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <andrewcoop@xenbits.xen.org>)
 id 1w514C-0008It-Md; Tue, 24 Mar 2026 12:41:04 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp
 id 1w514C-00Ccc7-2T; Tue, 24 Mar 2026 13:41:04 +0100
Received: from [10.42.69.10] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <andrewcoop@xenbits.xen.org>)
 id 69c2865e-bab6-0a2a0a5309dd-0a2a450ac9a4-16
 for <multiple-recipients>; Tue, 24 Mar 2026 13:41:03 +0100
Received: from [104.130.215.37] (helo=mail.xenproject.org)
 by tlsNG-4011c0.mxtls.expurgate.net with ESMTPS (eXpurgate 4.55.2)
 (envelope-from <andrewcoop@xenbits.xen.org>)
 id 69c281e8-1772-0a2a450a0019-6882d725a4bc-3
 for <multiple-recipients>; Tue, 24 Mar 2026 13:22:01 +0100
Received: from xenbits.xenproject.org ([104.239.192.120])
 by mail.xenproject.org with esmtp (Exim 4.96)
 (envelope-from <andrewcoop@xenbits.xen.org>) id 1w50lg-007DvC-0W;
 Tue, 24 Mar 2026 12:21:55 +0000
Received: from andrewcoop by xenbits.xenproject.org with local (Exim 4.96)
 (envelope-from <andrewcoop@xenbits.xen.org>) id 1w50lf-00ByI7-2u;
 Tue, 24 Mar 2026 12:21:55 +0000
X-BeenThere: xen-users@lists.xenproject.org
List-Id: Xen user discussion <xen-users.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-users@lists.xenproject.org>
List-Help: <mailto:xen-users-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-users-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-users" <xen-users-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud; none
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.510 (Entity 5.510)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
 xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
CC: Xen.org security team <security-team-members@xen.org>
Subject: Xen Security Advisory 482 v3 (CVE-2026-31788) - Linux privcmd
 driver can circumvent kernel lockdown
Message-Id: <E1w50lf-00ByI7-2u@xenbits.xenproject.org>
Date: Tue, 24 Mar 2026 12:21:55 +0000
X-purgate-ID: tlsNG-4011c0/1774354921-BDC8C900-E6AC00F7/1/8689920845
X-purgate-type: clean
X-purgate-size: 13951

--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2026-31788 / XSA-482
                              version 3

          Linux privcmd driver can circumvent kernel lockdown

UPDATES IN VERSION 3
====================

CVE assigned.

ISSUE DESCRIPTION
=================

The Linux kernel's privcmd driver can be abused to circumvent kernel
lockdown (secure boot), e.g. by modifying page tables to enable user
mode to modify kernel memory.

IMPACT
======

An administrator of an unprivileged guest booted in secure mode is able
to perform actions on the kernel which should not be possible in secure
mode.

VULNERABLE SYSTEMS
==================

PV, PVH and HVM guests running Linux using secure boot are vulnerable.

BSD based systems are believed not to be vulnerable due to a lack of
secure boot support.

MITIGATION
==========

There is no known mitigation.

CREDITS
=======

This issue was discovered by Teddy Astie of Vates.

RESOLUTION
==========

Applying the set of attached patches resolves this issue.

xsa482-linux-?.patch           Linux

$ sha256sum xsa482*
a4e67d2c773e2e13252337e4b64c08b342c0eb2e0e92271a79dc588ac34e7c3a  xsa482-linux-1.patch
dd952c1fc49ceb47803b78e15cfe3f7f11a845b29c6b2a80afa7a9eaa60a00ec  xsa482-linux-2.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except where
all the affected systems and VMs are administered and used only by
organisations which are members of the Xen Project Security Issues
Predisclosure List).  Specifically, deployment on public cloud systems
is NOT permitted.

This is because the patches need to be applied to the guests.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa482-linux-1.patch"
Content-Disposition: attachment; filename="xsa482-linux-1.patch"
Content-Transfer-Encoding: base64

--=separator
Content-Type: application/octet-stream; name="xsa482-linux-2.patch"
Content-Disposition: attachment; filename="xsa482-linux-2.patch"
Content-Transfer-Encoding: base64

--=separator--
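
A triage check for the preconditions the advisory above names (an unprivileged Xen guest running Linux with kernel lockdown active and the privcmd driver exposed), as an added example that is not part of the advisory or of any Xen Project tooling. The sysfs, procfs and device paths and the result strings are assumptions about a standard Linux guest; the script cannot tell whether the attached patches are already applied.

```shell
#!/bin/sh
# Added example: XSA-482 / CVE-2026-31788 precondition triage for a Linux guest.
# Every function takes an optional ROOT prefix so the same checks can be run
# against a mounted guest image or a test fixture instead of the live system.
# All paths below are assumed standard Linux interfaces, not advisory content.

# True when the kernel reports Xen as its hypervisor.
is_xen() {
    [ -r "$1/sys/hypervisor/type" ] &&
        [ "$(cat "$1/sys/hypervisor/type")" = "xen" ]
}

# True for the control domain; the advisory's impact statement is about
# unprivileged guests, so dom0 is reported separately.
is_dom0() {
    [ -r "$1/proc/xen/capabilities" ] &&
        grep -q control_d "$1/proc/xen/capabilities"
}

# Prints the active lockdown mode (the bracketed word in the securityfs
# file, e.g. "none [integrity] confidentiality"), or "unknown" when the
# file is absent or unreadable.
lockdown_mode() {
    lm_file="$1/sys/kernel/security/lockdown"
    [ -r "$lm_file" ] || { echo unknown; return 0; }
    lm_mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$lm_file")
    echo "${lm_mode:-unknown}"
}

# True when the privcmd interface is reachable from user space.
privcmd_present() {
    [ -e "$1/dev/xen/privcmd" ] || [ -e "$1/proc/xen/privcmd" ]
}

# Prints exactly one verdict:
#   not-xen            not running on Xen
#   dom0               control domain, outside the advisory's stated impact
#   lockdown-<mode>    lockdown is "none" or could not be read ("unknown")
#   no-privcmd         lockdown active but privcmd is not exposed
#   in-scope:<mode>    all preconditions present; confirm the kernel carries
#                      the xsa482 patches before treating lockdown as intact
xsa482_triage() {
    tr_root="${1:-}"
    if ! is_xen "$tr_root"; then echo "not-xen"; return 0; fi
    if is_dom0 "$tr_root"; then echo "dom0"; return 0; fi
    tr_mode=$(lockdown_mode "$tr_root")
    case "$tr_mode" in
        integrity|confidentiality) ;;
        *) echo "lockdown-$tr_mode"; return 0 ;;
    esac
    if ! privcmd_present "$tr_root"; then echo "no-privcmd"; return 0; fi
    echo "in-scope:$tr_mode"
}

# Live system by default; set XSA482_ROOT to inspect a mounted image.
xsa482_triage "${XSA482_ROOT:-}"
```

A result of `lockdown-unknown` usually means securityfs is not mounted or the script lacks read access, so it should be rerun as root before the guest is ruled out.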


From xen-users-bounces@lists.xenproject.org Tue Mar 24 23:21:03 2026
Return-path: <xen-users-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 24 Mar 2026 23:21:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.1260495.1554434 (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w5B34-0004gp-6f; Tue, 24 Mar 2026 23:20:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 1260495.1554434; Tue, 24 Mar 2026 23:20:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w5B34-0004gi-2a; Tue, 24 Mar 2026 23:20:34 +0000
Received: by outflank-mailman (input) for mailman id 1260495;
 Tue, 24 Mar 2026 12:16:34 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <greg@kroah.com>)
 id 1w50gU-0005ds-FP; Tue, 24 Mar 2026 12:16:34 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp
 id 1w50gT-006LGu-RD; Tue, 24 Mar 2026 13:16:33 +0100
Received: from [10.42.69.1] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <greg@kroah.com>)
 id 69c2809f-2eae-0a2a0a5409dd-0a2a4501a62c-6
 for <multiple-recipients>; Tue, 24 Mar 2026 13:16:33 +0100
Received: from [202.12.124.156] (helo=fhigh-b5-smtp.messagingengine.com)
 by tlsNG-d62444.mxtls.expurgate.net with ESMTPS (eXpurgate 4.55.2)
 (envelope-from <greg@kroah.com>)
 id 69c2809f-6400-0a2a45010019-ca0c7c9ccf87-3
 for <multiple-recipients>; Tue, 24 Mar 2026 13:16:33 +0100
Received: from phl-compute-11.internal (phl-compute-11.internal [10.202.2.51])
 by mailfhigh.stl.internal (Postfix) with ESMTP id DD4F37A0205;
 Tue, 24 Mar 2026 08:16:30 -0400 (EDT)
Received: from phl-frontend-04 ([10.202.2.163])
 by phl-compute-11.internal (MEProxy); Tue, 24 Mar 2026 08:16:31 -0400
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 24 Mar 2026 08:16:29 -0400 (EDT)
X-BeenThere: xen-users@lists.xenproject.org
List-Id: Xen user discussion <xen-users.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-users@lists.xenproject.org>
List-Help: <mailto:xen-users-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-users-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-users" <xen-users-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=fm1 header.d=kroah.com header.i="@kroah.com" header.h="Cc:Content-Type:Date:From:In-Reply-To:Message-ID:MIME-Version:References:Subject:To"; dkim=pass header.s=fm1 header.d=messagingengine.com header.i="@messagingengine.com" header.h="Cc:Content-Type:Date:Feedback-ID:From:In-Reply-To:Message-ID:MIME-Version:References:Subject:To:X-ME-Proxy:X-ME-Sender"
Feedback-ID: i787e41f1:Fastmail
Date: Tue, 24 Mar 2026 13:16:08 +0100
From: Greg KH <greg@kroah.com>
To: oss-security@lists.openwall.com
Cc: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org,
	"Xen.org security team" <security-team-members@xen.org>
Subject: Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd
 driver can circumvent kernel lockdown
Message-ID: <2026032453-departed-thrash-f153@gregkh>
References: <E1w50W0-00Bwo0-1i@xenbits.xenproject.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E1w50W0-00Bwo0-1i@xenbits.xenproject.org>
X-purgate-ID: tlsNG-d62444/1774354593-8ECE3DF3-F7066FAD/0/0
X-purgate-type: clean
X-purgate-size: 738

On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
>                     Xen Security Advisory XSA-482
>                               version 2
> 
>           Linux privcmd driver can circumvent kernel lockdown
> 
> UPDATES IN VERSION 2
> ====================
> 
> Public release.
> 
> ISSUE DESCRIPTION
> =================
> 
> The Linux kernel's privcmd driver can be abused to circumvent kernel
> lockdown (secure boot), e.g. by modifying page tables to enable user
> mode to modify kernel memory.
> 
> The CNA covering Linux has refused to assign a CVE at this juncture.

This is now assigned to CVE-2026-31788

thanks,

greg k-h


From xen-users-bounces@lists.xenproject.org Tue Mar 24 23:21:03 2026
Return-path: <xen-users-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 24 Mar 2026 23:21:03 +0000
Received: from list by lists.xenproject.org with outflank-mailman.1260621.1554440 (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w5B34-0004ku-Io; Tue, 24 Mar 2026 23:20:34 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 1260621.1554440; Tue, 24 Mar 2026 23:20:34 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w5B34-0004jR-DM; Tue, 24 Mar 2026 23:20:34 +0000
Received: by outflank-mailman (input) for mailman id 1260621;
 Tue, 24 Mar 2026 12:32:07 +0000
Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254]
 helo=se1-gles-sth1.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <SRS0=+PK3=BY=kroah.com=greg@srs-se1.protection.inumbo.net>)
 id 1w50vX-0004LP-He
 for xen-users@lists.xen.org; Tue, 24 Mar 2026 12:32:07 +0000
Received: from fhigh-b5-smtp.messagingengine.com
 (fhigh-b5-smtp.messagingengine.com [202.12.124.156])
 by se1-gles-sth1.inumbo.com (Halon) with ESMTPS
 id 75641abe-277d-11f1-b166-2bf370ae4941;
 Tue, 24 Mar 2026 13:32:04 +0100 (CET)
Received: from phl-compute-02.internal (phl-compute-02.internal [10.202.2.42])
 by mailfhigh.stl.internal (Postfix) with ESMTP id 3968D7A00D9;
 Tue, 24 Mar 2026 08:32:01 -0400 (EDT)
Received: from phl-frontend-04 ([10.202.2.163])
 by phl-compute-02.internal (MEProxy); Tue, 24 Mar 2026 08:32:01 -0400
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 24 Mar 2026 08:32:00 -0400 (EDT)
X-BeenThere: xen-users@lists.xenproject.org
List-Id: Xen user discussion <xen-users.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-users@lists.xenproject.org>
List-Help: <mailto:xen-users-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-users-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-users" <xen-users-bounces@lists.xenproject.org>
X-Inumbo-ID: 75641abe-277d-11f1-b166-2bf370ae4941
Feedback-ID: i787e41f1:Fastmail
Date: Tue, 24 Mar 2026 13:31:38 +0100
From: Greg KH <greg@kroah.com>
To: oss-security@lists.openwall.com
Cc: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org,
	"Xen.org security team" <security-team-members@xen.org>
Subject: Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd
 driver can circumvent kernel lockdown
Message-ID: <2026032405-faculty-agony-2599@gregkh>
References: <E1w50W0-00Bwo0-1i@xenbits.xenproject.org>
 <2026032453-departed-thrash-f153@gregkh>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2026032453-departed-thrash-f153@gregkh>

On Tue, Mar 24, 2026 at 01:16:08PM +0100, Greg KH wrote:
> On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> > 
> >                     Xen Security Advisory XSA-482
> >                               version 2
> > 
> >           Linux privcmd driver can circumvent kernel lockdown
> > 
> > UPDATES IN VERSION 2
> > ====================
> > 
> > Public release.
> > 
> > ISSUE DESCRIPTION
> > =================
> > 
> > The Linux kernel's privcmd driver can be abused to circumvent kernel
> > lockdown (secure boot), e.g. by modifying page tables to enable user
> > mode to modify kernel memory.
> > 
> > The CNA covering Linux has refused to assign a CVE at this juncture.
> 
> This is now assigned to CVE-2026-31788

And, to be more clear, the kernel CNA should have given you a CVE
earlier, sorry about that, that was my fault.  We had been "burned" by
other groups/companies asking for CVEs "ahead of time" for Linux for
things that turned out to be wrong or not needing a CVE at all at the
same time you all asked for one, so I reacted much harsher here than you
all deserved by saying we would assign one once the issue was public.  I
should have trusted you as obviously you know what you are doing here
and should have gotten a CVE for your accounting earlier.

Again, my fault, sorry about that, if you all need one in the future for
any issue, we will assign it ahead of time.

greg k-h


From xen-users-bounces@lists.xenproject.org Thu Mar 26 12:25:15 2026
Return-path: <xen-users-bounces@lists.xenproject.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 26 Mar 2026 12:25:15 +0000
Received: from list by lists.xenproject.org with outflank-mailman.1263897.1555696 (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w5jlP-0000hZ-Ax; Thu, 26 Mar 2026 12:24:39 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
Received: by outflank-mailman (output) from mailman id 1263897.1555696; Thu, 26 Mar 2026 12:24:39 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-users-bounces@lists.xenproject.org>)
	id 1w5jlP-0000gi-6t; Thu, 26 Mar 2026 12:24:39 +0000
Received: by outflank-mailman (input) for mailman id 1263897;
 Thu, 26 Mar 2026 12:24:38 +0000
Received: from mx.expurgate.net ([195.190.135.10])
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <jgross@suse.com>) id 1w5jlO-0000e4-Iu
 for xen-users@lists.xen.org; Thu, 26 Mar 2026 12:24:38 +0000
Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp
 id 1w5jlN-000UEG-Ux
 for xen-users@lists.xen.org; Thu, 26 Mar 2026 13:24:37 +0100
Received: from [10.42.69.6] (helo=localhost)
 by localhost with ESMTP (eXpurgate MTA 0.9.1)
 (envelope-from <jgross@suse.com>)
 id 69c5257f-bab6-0a2a0a5309dd-0a2a45069edc-42
 for <xen-users@lists.xen.org>; Thu, 26 Mar 2026 13:24:37 +0100
Received: from [209.85.218.54] (helo=mail-ej1-f54.google.com)
 by tlsNG-16d1c6.mxtls.expurgate.net with ESMTPS (eXpurgate 4.55.2)
 (envelope-from <jgross@suse.com>)
 id 69c52585-3034-0a2a45060019-d155da36b46c-3
 for <xen-users@lists.xen.org>; Thu, 26 Mar 2026 13:24:37 +0100
Received: by mail-ej1-f54.google.com with SMTP id
 a640c23a62f3a-b98133bdc4bso98831366b.0
 for <xen-users@lists.xen.org>; Thu, 26 Mar 2026 05:24:37 -0700 (PDT)
Received: from ?IPV6:2a00:12d0:af5d:ad01:5d3f:14e6:9bcb:5112?
 (2a00-12d0-af5d-ad01-5d3f-14e6-9bcb-5112.ip.tng.de.
 [2a00:12d0:af5d:ad01:5d3f:14e6:9bcb:5112])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-b9b20218741sm111025866b.1.2026.03.26.05.24.35
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Thu, 26 Mar 2026 05:24:35 -0700 (PDT)
X-BeenThere: xen-users@lists.xenproject.org
List-Id: Xen user discussion <xen-users.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-users@lists.xenproject.org>
List-Help: <mailto:xen-users-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-users>,
 <mailto:xen-users-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-users-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-users" <xen-users-bounces@lists.xenproject.org>
Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="In-Reply-To:Autocrypt:From:Content-Language:References:Cc:To:Subject:User-Agent:MIME-Version:Date:Message-ID"
X-Received: by 2002:a17:907:e0d8:b0:b97:f12a:3f8c with SMTP id a640c23a62f3a-b9a3f17f152mr307406766b.20.1774527876090;
        Thu, 26 Mar 2026 05:24:36 -0700 (PDT)
Message-ID: <a8d5f53c-ad38-4439-9dc6-930519db9c0b@suse.com>
Date: Thu, 26 Mar 2026 13:24:35 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd
 driver can circumvent kernel lockdown
To: Greg KH <greg@kroah.com>, oss-security@lists.openwall.com
Cc: xen-devel@lists.xen.org, xen-users@lists.xen.org,
 "Xen.org security team" <security-team-members@xen.org>
References: <E1w50W0-00Bwo0-1i@xenbits.xenproject.org>
 <2026032453-departed-thrash-f153@gregkh>
 <2026032405-faculty-agony-2599@gregkh>
Content-Language: en-US
From: Juergen Gross <jgross@suse.com>
In-Reply-To: <2026032405-faculty-agony-2599@gregkh>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------nw8gdKChhgJqVH12D0LHtpD0"
X-purgate-ID: tlsNG-16d1c6/1774527877-821931C2-5A90B7B8/0/0
X-purgate-type: clean
X-purgate-size: 8271

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------nw8gdKChhgJqVH12D0LHtpD0
Content-Type: multipart/mixed; boundary="------------KP00Cr08CaoLPpzGlMsnkBLb";
 protected-headers="v1"
From: Juergen Gross <jgross@suse.com>
To: Greg KH <greg@kroah.com>, oss-security@lists.openwall.com
Cc: xen-devel@lists.xen.org, xen-users@lists.xen.org,
 "Xen.org security team" <security-team-members@xen.org>
Message-ID: <a8d5f53c-ad38-4439-9dc6-930519db9c0b@suse.com>
Subject: Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd
 driver can circumvent kernel lockdown
References: <E1w50W0-00Bwo0-1i@xenbits.xenproject.org>
 <2026032453-departed-thrash-f153@gregkh>
 <2026032405-faculty-agony-2599@gregkh>
In-Reply-To: <2026032405-faculty-agony-2599@gregkh>

--------------KP00Cr08CaoLPpzGlMsnkBLb
Content-Type: multipart/mixed; boundary="------------PP8RneE0SuDwvL0vSRYinmq3"

--------------PP8RneE0SuDwvL0vSRYinmq3
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

--------------PP8RneE0SuDwvL0vSRYinmq3
Content-Type: application/pgp-keys; name="OpenPGP_0xB0DE9DD628BF132F.asc"
Content-Disposition: attachment; filename="OpenPGP_0xB0DE9DD628BF132F.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable


--------------PP8RneE0SuDwvL0vSRYinmq3--

--------------KP00Cr08CaoLPpzGlMsnkBLb--

--------------nw8gdKChhgJqVH12D0LHtpD0
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"


--------------nw8gdKChhgJqVH12D0LHtpD0--


