FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5b8c6e1e-770f-11eb-b87a-901b0ef719abFreeBSD -- Xen grant mapping error handling issues

Problem Description:

Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation.

Unfortunately, when running in HVM/PVH mode, the FreeBSD backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery.

Impact:

A malicious or buggy frontend driver may be able to cause resource leaks in the domain running the corresponding backend driver.


Discovery 2021-02-24
Entry 2021-02-25
FreeBSD-kernel
ge 12.2 lt 12.2_4

ge 11.4 lt 11.4_8

CVE-2021-26932
SA-21:06.xen