xen: patch with XSA-464

2024-11-22 06:53:01 +00:00 · 2024-11-12 21:01:11 +08:00 · 2024-11-12 21:01:11 +08:00 · 68bf0eb022
commit 68bf0eb022
parent ae8c3f2068
2 changed files with 14 additions and 0 deletions
--- a/pkgs/build-support/xen/default.nix
+++ b/pkgs/build-support/xen/default.nix
@ -119,6 +119,7 @@ let
      XSA_460
      XSA_461
      XSA_462
+      XSA_464
    ]
  );

--- a/pkgs/build-support/xen/patches.nix
+++ b/pkgs/build-support/xen/patches.nix
@ -153,4 +153,17 @@ in
    cve = [ "CVE-2024-45817" ];
    hash = "sha256-01lzjaT2f69UfEdTUCkm92DDOmd+Mo8sNPZsHJfgJEM=";
  };
+  "XSA_464" = xsaPatch {
+    id = "464";
+    title = "libxl leaks data to PVH guests via ACPI tables";
+    description = ''
+      PVH guests have their ACPI tables constructed by the toolstack.  The
+      construction involves building the tables in local memory, which are
+      then copied into guest memory.  While actually used parts of the local
+      memory are filled in correctly, excess space that is being allocated is
+      left with its prior contents.
+    '';
+    cve = [ "CVE-2024-45819" ];
+    hash = "sha256-oQa4NuX4Y1hhfnqHV6kvsJZiQ/NAz/WwO0Kidbcyayc=";
+  };
 }