xen: patch with XSA-473

This patch only affects ARM, but it's better than setting ARM as knownVulnerabilities. Arm issues with page refcounting There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. This is CVE-2025-58145. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
2026-01-11 10:22:54 +08:00 · 2025-09-09 22:50:34 +10:00
parent 2648215258
commit 15968113a2
1 changed files with 10 additions and 0 deletions
--- a/pkgs/by-name/xe/xen/package.nix
+++ b/pkgs/by-name/xe/xen/package.nix
@@ -199,6 +199,16 @@ stdenv.mkDerivation (finalAttrs: {
      url = "https://xenbits.xen.org/xsa/xsa472-3.patch";
      hash = "sha256-rikOofQeuLNMBkdQS3xzmwh7BlgMOTMSsQcAOEzNOso=";
    })
+
+    # XSA 473
+    (fetchpatch {
+      url = "https://xenbits.xen.org/xsa/xsa473-1.patch";
+      hash = "sha256-594tTalWcGJSLj3++4QB/ADkHH1qJNrdvg7FG6kOuB8=";
+    })
+    (fetchpatch {
+      url = "https://xenbits.xen.org/xsa/xsa473-2.patch";
+      hash = "sha256-tGuIGxJFBXbckIruSUeTyrM6GabdIj6Pr3cVxeDvNNY=";
+    })
  ];

  outputs = [