Launchpad.net

CVE 2017-12855

Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.

Related bugs and status

CVE-2017-12855 (Candidate) is related to these bugs:

Bug #1321144: /etc/default/grub.d/xen.cfg only works on english language system

		In	Importance	Status
1321144	/etc/default/grub.d/xen.cfg only works on english language system	xen (Ubuntu)	Medium	Fix Released
1321144	/etc/default/grub.d/xen.cfg only works on english language system	xen (Ubuntu Zesty)	Medium	Won't Fix
1321144	/etc/default/grub.d/xen.cfg only works on english language system	xen (Ubuntu Xenial)	Medium	Incomplete

Bug #1763354: Xen stable update to 4.9.2

Summary				In	Importance	Status
	1763354	Xen stable update to 4.9.2		xen (Ubuntu)	Medium	Fix Released
	1763354	Xen stable update to 4.9.2		xen (Ubuntu Artful)	Medium	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://xenbits.xen.org...
BID: 100341
SECTRACK: 1039177
DEBIAN: DSA-3969
CONFIRM: https://support.citrix...