CVE-2019-17351 assigned for XSA-300

author: Salvatore Bonaccorso <carnil@debian.org> 2019-10-08 08:51:15 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-10-08 08:51:15 +0200
commit: 674739caa188c576bada5b237c09114743498d42 (patch)
tree: 4444221e60310796938ab0bdb6ed81cdb5e92833 /retired/CVE-2019-17351
parent: a2eee68e7cc51bc1a38412eb724d0fc52872425e (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2019-17351 b/retired/CVE-2019-17351
new file mode 100644
index 00000000..05fbd0c1
--- /dev/null
+++ b/retired/CVE-2019-17351
@@ -0,0 +1,18 @@
+Description: No grant table and foreign mapping limits
+References:
+ https://xenbits.xen.org/xsa/advisory-300.html
+Notes:
+ carnil> Is a1078e821b60 ("xen: let alloc_xenballooned_pages() fail if
+ carnil> not enough memory free") enough or is more needed?
+ benh> The advisory says another patch will be needed for domU.
+ benh> For 3.16 we need d02bd27bd33d "mm/page_alloc.c: calculate
+ benh> 'available' memory in a separate function" first.
+Bugs:
+upstream: released (5.3-rc1) [a1078e821b605813b63bf6bca414a85f804d5c66]
+4.19-upstream-stable: released (4.19.61) [e73db096691e5f2720049502a3794a2a0c6d1b1f]
+4.9-upstream-stable: released (4.9.187) [259b0fc2caddc21a6b561b595747a8091102f7ff]
+3.16-upstream-stable: released (3.16.72) [2ed58e578b03269b23eb7119fb38478725ae6470]
+sid: released (5.2.6-1)
+4.19-buster-security: released (4.19.67-1)
+4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/xen-let-alloc_xenballooned_pages-fail-if-not-enough-.patch]
+3.16-jessie-security: released (3.16.72-1)
author	Salvatore Bonaccorso <carnil@debian.org>	2019-10-08 08:51:15 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-10-08 08:51:15 +0200
commit	674739caa188c576bada5b237c09114743498d42 (patch)
tree	4444221e60310796938ab0bdb6ed81cdb5e92833 /retired/CVE-2019-17351
parent	a2eee68e7cc51bc1a38412eb724d0fc52872425e (diff)