Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

Fedora 35: 2021-829f5f2f43 Critical: PCI Device RMRR Deassignment Issue

fedora
Calendar Grey October 29, 2021
Dist Fedora Esm H88
PCI devices with RMRRs face improper deallocation in Fedora 35's xen upgrade, enabling potential Denial of Service vulnerabilities.
PCI devices with RMRRs not deassigned correctly [XSA-386, CVE-2021-28702]

Summary

This package contains the XenD daemon and xm command line

tools, needed to manage virtual machines running under the

Xen hypervisor

PCI devices with RMRRs not deassigned correctly [XSA-386, CVE-2021-28702]

[ 1 ] Bug #2011247 - CVE-2021-28702 xen: administrators of guests which have been assigned RMRR-using PCI devices can cause DoS

https://bugzilla.redhat.com/show_bug.cgi?id=2011247

su -c 'dnf upgrade --advisory FEDORA-2021-829f5f2f43' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 4.15.1
Release: 2.fc35
Summary: Xen is a virtual machine monitor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.