mirror of
https://github.com/NixOS/nixpkgs.git
synced 2026-07-06 17:13:24 -05:00
xen: patch with XSA-490
Released a while ago. We had difficulties adding it to Nixpkgs at the time as
our Xen needed to be updated to the .3 release.
Xen Security Advisory CVE-2025-54518 / XSA-490
x86: CPU Opcode Cache corruption
AMD have disclosed a potential vulnerability in certain CPUs which can
cause instructions to execute at a higher privilege.
For more information, see:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
Code of any privilege could escalate to a higher privilege, including
userspace to kernel, and guest to host.
https://xenbits.xen.org/xsa/advisory-490.html
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
(cherry picked from commit a343770e93)
This commit is contained in:
parent
e50b2e0799
commit
c5efc36baa
1 changed files with 6 additions and 0 deletions
|
|
@ -210,6 +210,12 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
hash = "sha256-QttKWdmWC6Zn5k2hd6RIMCpLWv71HB/A9mCbDP+i8to=";
|
||||
})
|
||||
|
||||
# XSA #490
|
||||
(fetchpatch {
|
||||
url = "https://xenbits.xenproject.org/xsa/xsa490-4.21.patch";
|
||||
hash = "sha256-PF4zNeaS8aXHBNKLcgjVBUqmREg+nvdyHyLlhX2YBiw=";
|
||||
})
|
||||
|
||||
# patch `libxl` to search for `qemu-system-i386` properly. (Before 4.21)
|
||||
(fetchpatch {
|
||||
url = "https://github.com/xen-project/xen/commit/f6281291704aa356489f4bd927cc7348a920bd01.diff?full_index=1";
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue