Dear Qubes Community,
We have published Qubes Security Bulletin (QSB) #35: Xen hypervisor issue related to grant tables (XSA-236). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack).
View QSB #35 in the qubes-secpack:
Learn about the qubes-secpack, including how to obtain, verify, and read it:
View all past QSBs:
View XSA-236 in the XSA Tracker:
---===[ Qubes Security Bulletin #35 ]===--- October 24, 2017 Xen hypervisor issue related to grant tables (XSA-236) Summary ======== The Xen Security Team has published Xen Security Advisory 236, which concerns an issue with the grant tables mechanism used to share memory between domains. The practical impact of this advisory is believed to be denial of service only. However, privilege escalation and information leaks are theoretically possible. Technical details ================== Xen Security Advisory 236 : | Grant copying code made an implication that any grant pin would be | accompanied by a suitable page reference. Other portions of code, | however, did not match up with that assumption. When such a grant | copy operation is being done on a grant of a dying domain, the | assumption turns out wrong. | | A malicious guest administrator can cause hypervisor memory | corruption, most likely resulting in host crash and a Denial of | Service. Privilege escalation and information leaks cannot be ruled | out. Compromise Recovery ==================== Beginning with Qubes 3.2, we offer Paranoid Backup Restore Mode, which was designed specifically to aid in the recovery of a potentially compromised Qubes OS system. If you believe your system may be compromised (perhaps because of the issue discussed in this bulletin), please read and follow the procedure described here: https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/ Patching ========= The specific packages that resolve the problem discussed in this bulletin are as follows: For Qubes 3.2: - Xen packages, version 4.6.6-34 For Qubes 4.0: - Xen packages, version 4.8.2-9 The packages are to be installed in dom0 via the Qubes VM Manager or via the qubes-dom0-update command as follows: For updates from the stable repository (not immediately available): $ sudo qubes-dom0-update For updates from the security-testing repository: $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing A system restart will be required afterwards. These packages will migrate from the security-testing repository to the current (stable) repository over the next two weeks after being tested by the community. If you use Anti Evil Maid, you will need to reseal your secret passphrase to new PCR values, as PCR18+19 will change due to the new Xen binaries. Credits ======== See the original Xen Security Advisory. References ===========  https://xenbits.xen.org/xsa/advisory-236.html -- The Qubes Security Team https://www.qubes-os.org/security/