xen: patch with XSA-473

This patch only affects ARM, but it's better than setting ARM as knownVulnerabilities. Arm issues with page refcounting There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. This is CVE-2025-58145. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net> (cherry picked from commit 15968113a2)
2026-01-11 18:32:23 +08:00 · 2025-09-09 22:50:34 +10:00
parent fbc146f31e
commit f6fd7105b5
1 changed files with 10 additions and 0 deletions
--- a/pkgs/by-name/xe/xen/package.nix
+++ b/pkgs/by-name/xe/xen/package.nix
@@ -24,5 +24,15 @@ buildXenPackage.override { inherit python3Packages; } {
      url = "https://xenbits.xen.org/xsa/xsa472-3.patch";
      hash = "sha256-rikOofQeuLNMBkdQS3xzmwh7BlgMOTMSsQcAOEzNOso=";
    })
+
+    # XSA 473
+    (fetchpatch {
+      url = "https://xenbits.xen.org/xsa/xsa473-1.patch";
+      hash = "sha256-594tTalWcGJSLj3++4QB/ADkHH1qJNrdvg7FG6kOuB8=";
+    })
+    (fetchpatch {
+      url = "https://xenbits.xen.org/xsa/xsa473-2.patch";
+      hash = "sha256-tGuIGxJFBXbckIruSUeTyrM6GabdIj6Pr3cVxeDvNNY=";
+    })
  ];
 }