XSAs released on 2022-04-05

The Xen Project has released one or more Xen Security Advisories (XSAs). The security of Qubes OS is affected. Therefore, user action is required.

XSAs that affect the security of Qubes OS (user action required)

The following XSAs do affect the security of Qubes OS:

  • XSA-399
  • XSA-400

Please see QSB-079 for the actions users must take in order to protect themselves, as well as further details about these XSAs:

https://www.qubes-os.org/news/2022/04/05/qsb-079/

XSAs that do not affect the security of Qubes OS (no user action required)

The following XSAs do not affect the security of Qubes OS, and no user action is necessary:

  • XSA-397 (denial of service only)

This is a companion discussion topic for the original entry at https://www.qubes-os.org/news/2022/04/05/xsas-released-on-2022-04-05/

For XSA-397, which I don’t really understand (memory from where to where?), “An attacker can cause Xen to leak memory”, couldn’t that (bad) memory be executed by dom0?

Also, am I correct that XSA-399 only affects Intel CPUs?