xen: patch with XSA-491

Xen Security Advisory CVE-2026-42487 / XSA-491
                               version 2

                    x86 HVM I/O port list traversal

HVM guest I/O port accesses are subject to either emulation or at least
translation.  Translations are managed by the device model (via
XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed
at any time.  Traversal of those lists (while handling guest I/O port
accesses) therefore needs synchronizing with updates, which was missing
so far.

A device model of a HVM guest can cause a hypervisor crash, causing a
Denial of Service (DoS) of the entire host.  Privilege escalation and
information leaks cannot be ruled out.

https://xenbits.xen.org/xsa/advisory-491.html

Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
This commit is contained in:
Fernando Rodrigues 2026-06-04 14:29:42 +10:00
commit 1629ccf012
No known key found for this signature in database
GPG key ID: CC3AE2EA00000000

View file

@ -216,6 +216,12 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-PF4zNeaS8aXHBNKLcgjVBUqmREg+nvdyHyLlhX2YBiw=";
})
# XSA #491
(fetchpatch {
url = "https://xenbits.xenproject.org/xsa/xsa491-4.21.patch";
hash = "sha256-I21YIcaK1v7BfBJi/aiVACgR3QyN+/gXnB4YMprT4zA=";
})
# patch `libxl` to search for `qemu-system-i386` properly. (Before 4.21)
(fetchpatch {
url = "https://github.com/xen-project/xen/commit/f6281291704aa356489f4bd927cc7348a920bd01.diff?full_index=1";