XCP-ng: Security Update for November 2023
XCP-ng has released a new security update for the 8.2 LTS version. The update includes new microcode from Intel to mitigate hardware vulnerabilities. However, it is recommended to update the hardware’s firmware for the best results. The update also addresses security issues related to IOMMU and PV guests in the Xen Project. The fixed vulnerability, CVE-2023-23583, can allow privilege escalation, information disclosure, or denial of service. It affects specific generations of server, desktop, embedded, and mobile processors.
The update also mentions upcoming fixes for XSA-445 and XSA-446 vulnerabilities. XSA-445 can affect hosts if the dom_io
feature is enabled, and XSA-446 can bypass certain protections for PV guests. It is recommended to avoid PV guests to avoid any potential impact. The updated microcode for Intel SA is included in the XCP-ng update. The integration of fixes for XSAs will be incorporated in a future release or as needed in the coming days.