Xen 4.2.1 and 4.1.4 released

I am pleased to announce the release of Xen 4.2.1 and Xen 4.1.4. These are available immediately from the following locations

We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1 and that users of the 4.0 and 4.1 stable series upgrade to Xen 4.1.4.

Xen 4.2.1

The Xen 4.2.1 release fixes the following critical vulnerabilities: We recommend to all users of Xen 4.2.0 to upgrade to Xen 4.2.1.

  • CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
  • CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
  • CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
  • CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
  • CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
  • CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
  • CVE-2012-5511 / XSA-27: Several HVM operations do not validate the range of their inputs
  • CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
  • CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
  • CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values
  • CVE-2012-5525 / XSA-32: several hypercalls do not validate input GFNs

Among many bug fixes and improvements (around 100 since Xen 4.2.0):

  • A fix for a long standing time management issue
  • Bug fixes for S3 (suspend to RAM) handling
  • Bug fixes for other low level system state handling
  • Bug fixes and improvements to the libxl tool stack
  • Bug fixes to nested virtualization

Xen 4.1.4

The Xen 4.1.4 release contains fixes for the following critical vulnerabilities: We recommend to all users of the 4.0 and 4.1 stable series to upgrade to Xen 4.1.4.

  • CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability
  • CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability
  • CVE-2012-3496 / XSA-14: XENMEM_populate_physmap DoS vulnerability
  • CVE-2012-3498 / XSA-16: PHYSDEVOP_map_pirq index vulnerability
  • CVE-2012-3515 / XSA-17: Qemu VT100 emulation vulnerability
  • CVE-2012-4411 / XSA-19: guest administrator can access qemu monitor console
  • CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
  • CVE-2012-4536 / XSA-21: pirq range check DoS vulnerability
  • CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
  • CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
  • CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
  • CVE-2012-4544,CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
  • CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
  • CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs
  • CVE-2012-5512 / XSA-28: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
  • CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
  • CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
  • CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values
  <li>Among many bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are:</li>
  <ul>
    <li>A fix for a long standing time management issue</li>
    <li>Bug fixes for S3 (suspend to RAM) handling</li>
    <li>Bug fixes for other low level system state handling</li>
  </ul>

Read more

Let’s Grow Xen Together!
03/18/2025

Xen is open, secure, and built for the future. As the new Community Manager, I’m focused on growing the Xen community, welcoming new contributors, and ensuring a thriving ecosystem. Let’s build the future of virtualization together!

Xen Project 4.20: A Step Forward in Open Source Virtualization
03/11/2025

The Xen Project has released Xen 4.20 🎉! This release introduces a range of enhancements that further solidify its position as the premier open-source hypervisor. It delivers important security updates, improved performance, and broader hardware support. Xen has doubled down as the best choice for cloud providers, enterprise users, and

Xen Project Winter Meetup
02/13/2025

We just wrapped up the Xen Winter Meetup 2025. It was an amazing opportunity to push Xen forward in a way that can only happen when people get together in person. Organized by Vates, we hosted it at the University of Grenoble IMAG building, a great spot for cutting-edge research

Welcome Honda to the Xen Project Board
12/09/2024

We're excited to announce our newest Advisory Board Member Honda, to Xen Project. Since its foundation, Honda has been committed to "creating a society that is useful to people" by utilizing its technologies and ideas. Honda also focuses on environmental responsiveness and traffic safety, and continue