xen: patch with XSA-472

Mutiple vulnerabilities in the Viridian interface There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
2026-01-11 18:32:23 +08:00 · 2025-09-09 22:45:20 +10:00
parent 97d71870a3
commit 2648215258
1 changed files with 15 additions and 0 deletions
--- a/pkgs/by-name/xe/xen/package.nix
+++ b/pkgs/by-name/xe/xen/package.nix
@@ -3,6 +3,7 @@
  stdenv,
  testers,
  fetchgit,
+  fetchpatch,
  replaceVars,

  # Xen
@@ -184,6 +185,20 @@ stdenv.mkDerivation (finalAttrs: {
    ./0001-makefile-efi-output-directory.patch

    (replaceVars ./0002-scripts-external-executable-calls.patch scriptDeps)
+
+    # XSA 472
+    (fetchpatch {
+      url = "https://xenbits.xen.org/xsa/xsa472-1.patch";
+      hash = "sha256-6k/X7KFno9uBG0mUtJxl7TMavaRs2Xlj9JlW9ai6p0k=";
+    })
+    (fetchpatch {
+      url = "https://xenbits.xen.org/xsa/xsa472-2.patch";
+      hash = "sha256-BisdztU9Wa5nIGmHo4IikqYPHdEhBehHaNqj1IuBe6I=";
+    })
+    (fetchpatch {
+      url = "https://xenbits.xen.org/xsa/xsa472-3.patch";
+      hash = "sha256-rikOofQeuLNMBkdQS3xzmwh7BlgMOTMSsQcAOEzNOso=";
+    })
  ];

  outputs = [