Skip to main content


Xen 4.1.4

Xen 4.1.4 is a maintenance release in the 4.1 series and contains:

Fixes for the following critical vulnerabilities: We recommend all users of the 4.0 and 4.1 stable series to update to Xen 4.1.4.

CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability
CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability
CVE-2012-3496 / XSA-14: XENMEM_populate_physmap DoS vulnerability
CVE-2012-3498 / XSA-16: PHYSDEVOP_map_pirq index vulnerability
CVE-2012-3515 / XSA-17: Qemu VT100 emulation vulnerability
CVE-2012-4411 / XSA-19: guest administrator can access qemu monitor console
CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
CVE-2012-4536 / XSA-21: pirq range check DoS vulnerability
CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
CVE-2012-4539 / XSA-24: Grant table hypercall infinite loop DoS vulnerability
CVE-2012-4544,CVE-2012-2625 / XSA-25: Xen domain builder Out-of-memory due to malicious kernel/ramdisk
CVE-2012-5510 / XSA-26: Grant table version switch list corruption vulnerability
CVE-2012-5511 / XSA-27: several HVM operations do not validate the range of their inputs
CVE-2012-5512 / XSA-28: HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak
CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
CVE-2012-5514 / XSA-30: Broken error handling in guest_physmap_mark_populate_on_demand()
CVE-2012-5515 / XSA-31: Several memory hypercall operations allow invalid extent order values

Among many bug fixes and improvements (almost 100 since Xen 4.1.3). Highlights are:

A fix for a long standing time management issue
Bug fixes for S3 (suspend to RAM) handling
Bug fixes for other low level system state handling

It also contains the following fixes from earlier maintenance releases:

Security fixes including CVE-2011-1583, CVE-2011-1898, CVE-2012-0217 / XSA-7, CVE-2012-0218 / XSA-8, CVE-2012-2934 / XSA-9, CVE-2012-3432 / XSA-10 and CVE-2012-3433 / XSA-11
Enhancements to guest introspection (VM single stepping support for very fine-grained access control)
Many bug fixes and improvements, such as:

Updates for the latest Intel/AMD CPU revisions
Bug fixes and improvements to the libxl tool stack
Bug fixes for IOMMU handling (device passthrough to HVM guests)
Bug fixes for host kexec/kdump
PV-on-HVM stability fixes (fixing some IRQ issues)
XSAVE cpu feature support for PV guests (allows safe use of latest multimedia instructions)
RAS fixes for high availability
fixes for offlining bad pages
changes to libxc, mainly of benefit to libvirt
New XL toolstack
Debug support: kexec/kdump
Remus (High Availability)
Device passthrough to HVM guests
Interrupt handling
Support for Supervisor Mode Execution Protection (SMEP)

Compatibility fixes for newer Linux guests, newer compilers, some old guest savefiles, newer Python, grub2, some hardware/BIOS bugs.

The Xen 4.1 release contains a number of important new features and updates including:

A re-architected XL toolstack that is functionally nearly equivalent to XM/XEND
Prototype credit2 scheduler designed for latency-sensitive workloads and very large systems
CPU Pools for advanced partitioning
Support for large systems (>255 processors and 1GB/2MB super page support)
Support for x86 Advanced Vector eXtension (AVX)
New Memory Access API enabling integration of 3rd party security solutions into Xen virtualized environments
Even better stability through our new automated regression tests
Xen 4.1 Release Notes
Xen 4.1 Datasheet

Xen 4.1.4

Xen 4.1.4 (hypervisor and tools) official source distribution