8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @SigmaSquadron Activity log
- Created automatic suggestion
- @SigmaSquadron dismissed
x86: buffer overrun with shadow paging + tracing
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.
References
- https://xenbits.xenproject.org/xsa/advisory-477.html
- http://www.openwall.com/lists/oss-security/2026/01/27/1
- http://xenbits.xen.org/xsa/advisory-477.html
- https://xenbits.xenproject.org/xsa/advisory-477.html
- http://www.openwall.com/lists/oss-security/2026/01/27/1
- http://xenbits.xen.org/xsa/advisory-477.html
Affected products
- ==consult Xen advisory XSA-477
Matching in nixpkgs
pkgs.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.xenon
Monitoring tool based on radon
pkgs.hhexen
Linux port of Raven Game's Hexen
pkgs.lexend
Variable font family designed to aid in reading proficiency
-
nixos-unstable 0.pre+date=2022-09-22
- nixpkgs-unstable 0.pre+date=2022-09-22
- nixos-unstable-small 0.pre+date=2022-09-22
pkgs.uhexen2
Cross-platform port of Hexen II game
pkgs.qemu_xen
Generic and open source machine emulator and virtualizer
pkgs.xenomapper
Utility for post processing mapped reads that have been aligned to a primary genome and a secondary genome and binning reads into species specific, multimapping in each species, unmapped and unassigned bins
pkgs.nxengine-evo
Complete open-source clone/rewrite of the masterpiece jump-and-run platformer Doukutsu Monogatari (also known as Cave Story)
pkgs.xenia-canary
Xbox 360 Emulator Research Project
-
nixos-unstable 0-unstable-2025-11-22
- nixpkgs-unstable 0-unstable-2025-11-22
- nixos-unstable-small 0-unstable-2025-11-22
pkgs.xen-guest-agent
Xen agent running in Linux/BSDs (POSIX) VMs
-
nixos-unstable 0.4.0-unstable-2024-05-31
- nixpkgs-unstable 0.4.0-unstable-2024-05-31
- nixos-unstable-small 0.4.0-unstable-2024-05-31
pkgs.libretro.nxengine
NXEngine libretro port
-
nixos-unstable 0-unstable-2024-10-21
- nixpkgs-unstable 0-unstable-2024-10-21
- nixos-unstable-small 0-unstable-2024-10-21
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
pkgs.hunspellDicts.eu_ES
Basque (Xuxen 5)
-
nixos-unstable 5-2015.11.10
- nixpkgs-unstable 5-2015.11.10
- nixos-unstable-small 5-2015.11.10
pkgs.haskellPackages.xeno
A fast event-based XML parser in pure Haskell
pkgs.python312Packages.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.python313Packages.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.ocamlPackages.xenstore
Xenstore protocol in pure OCaml
pkgs.ocamlPackages.mirage-xen
Xen core platform libraries for MirageOS
pkgs.haskellPackages.xenomorph
None
pkgs.haskellPackages.xmlbf-xeno
xeno backend support for the xmlbf library
pkgs.nltk-data.maxent-ne-chunker
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
pkgs.ocamlPackages.xenstore-tool
Command line tool for interfacing with xenstore
pkgs.ocamlPackages.mirage-net-xen
Network device for reading and writing Ethernet frames via then Xen netfront/netback protocol
pkgs.python312Packages.pylatexenc
Simple LaTeX parser providing latex-to-unicode and unicode-to-latex conversion
pkgs.python313Packages.pylatexenc
Simple LaTeX parser providing latex-to-unicode and unicode-to-latex conversion
pkgs.nltk-data.maxent-ne-chunker-tab
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
pkgs.ocamlPackages.mirage-bootvar-xen
Handle boot-time arguments for Xen platform
pkgs.ocamlPackages.xenstore_transport
Low-level libraries for connecting to a xenstore service on a xen host
pkgs.nltk-data.maxent-treebank-pos-tagger
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
pkgs.nltk-data.maxent-treebank-pos-tagger-tab
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
Package maintainers
-
@djanatyn Jonathan Strickland <djanatyn@gmail.com>
-
@majiru Jacob Moody <moody@posixcafe.org>
-
@umazalakain Uma Zalakain <ping@umazalakain.info>
-
@fufexan Fufezan Mihai <fufexan@protonmail.com>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@thiagokokada Thiago K. Okada <thiagokokada@gmail.com>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@hrdinka Christoph Hrdinka <c.nix@hrdinka.at>
-
@drewrisinger Drew Risinger <drisinger+nixpkgs@gmail.com>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@hehongbo Hongbo
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@xdHampus Hampus
-
@jbedo Justin Bedő <cu@cua0.org>
-
@jfvillablanca Jann Marc Villablanca <jmfv.dev@gmail.com>
-
@happysalada Raphael Megzari <raphael@megzari.com>
-
@bengsparks Ben Sparks <benjamin.sparks@protonmail.com>
-
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
-
@tuxy Binh Nguyen <lastpass7565@gmail.com>