Skip to main content


Xen Project 4.16.4

We are pleased to announce the release of Xen 4.16.4. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.16 (tag RELEASE-4.16.4) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 7251cea957: update Xen version to 4.16.4 [Jan Beulich]
  • 6f6526ac7e: automation: Remove installation of packages from test scripts [Michal Orzel]
  • 7f2df63f72: xen/ELF: Fix ELF32 PRI formatters [Andrew Cooper]
  • aae4235bfe: x86/livepatch: Fix livepatch application when CET is active [Andrew Cooper]
  • 8dbb7df069: x86/hvm: Disallow disabling paging in 64bit mode [Andrew Cooper]
  • eff203e185: x86emul: pull permission check ahead for REP INS/OUTS [Jan Beulich]
  • 1df1a2acab: tools/xenstore: fix quota check in transaction_fix_domains() [Juergen Gross]
  • 31627a059c: CI: Remove llvm-8 from the Debian Stretch container [Andrew Cooper]
  • 27974fde92: automation: Remove non-debug x86_32 build jobs [Anthony PERARD]
  • a4d901580b: automation: Remove CentOS 7.2 containers and builds [Anthony PERARD]
  • 37800cf8ab: automation: Switch arm32 cross builds to run on arm64 [Michal Orzel]
  • 657dc5f5f6: CI: Drop automation/configs/ [Andrew Cooper]
  • 2a4d327387: bump default SeaBIOS version to 1.16.0 [Jan Beulich]
  • 06264af090: ns16550: correct name/value pair parsing for PCI port/bridge [Jan Beulich]
  • d080287c2a: vpci/msix: handle accesses adjacent to the MSI-X table [Roger Pau Monné]
  • 0f81c5a2c8: x86/ucode: Fix error paths control_thread_fn() [Andrew Cooper]
  • b1022b65de: x86/vmx: Don't spuriously crash the domain when INIT is received [Andrew Cooper]
  • 7e1fe95c79: x86/shadow: Fix build with no PG_log_dirty [Andrew Cooper]
  • 90320fd059: x86/nospec: Fix evaluate_nospec() code generation under Clang [Andrew Cooper]
  • cab866ee62: x86/shadow: fix and improve sh_page_has_multiple_shadows() [Jan Beulich]
  • 07e8f5b3d1: VT-d: fix iommu=no-igfx if the IOMMU scope contains fake device(s) [Marek Marczykowski-Górecki]
  • 8e9690a225: AMD/IOMMU: without XT, x2APIC needs to be forced into physical mode [Jan Beulich]
  • 54102e428b: libacpi: fix PCI hotplug AML [David Woodhouse]
  • 49116b2101: bunzip: work around gcc13 warning [Jan Beulich]
  • 4d42cc4d25: VT-d: constrain IGD check [Jan Beulich]
  • cdde3171a2: x86/altp2m: help gcc13 to avoid it emitting a warning [Jan Beulich]
  • 4a6bedefe5: core-parking: fix build with gcc12 and NR_CPUS=1 [Jan Beulich]
  • 5ce8d2aef8: tools/xenmon: Fix for with python3.x [Bernhard Kaindl]
  • 0cbffc6099: tools/python: change 's#' size type for Python >= 3.10 [Marek Marczykowski-Górecki]
  • 3c924fe46b: x86/spec-ctrl: Defer CR4_PV32_RESTORE on the cstar_enter path [Andrew Cooper]
  • 564de020d2: x86/HVM: serialize pinned cache attribute list manipulation [Jan Beulich]
  • 2fe1517a00: x86/HVM: bound number of pinned cache attribute regions [Jan Beulich]
  • b0d6684ee5: x86/shadow: account for log-dirty mode when pre-allocating [Jan Beulich]
  • 84dfe7a56f: x86/ucode/AMD: late load the patch on every logical thread [Sergey Dyasli]
  • 25d103f2eb: libs/guest: Fix leak on realloc failure in backup_ptes() [Edwin Török]
  • b181a3a553: libs/guest: Fix resource leaks in xc_core_arch_map_p2m_tree_rw() [Andrew Cooper]
  • a2adc7fcc2: tools: Use PKG_CONFIG_FILE instead of PKG_CONFIG variable [Bertrand Marquis]
  • f073db0a07: xen: Fix Clang -Wunicode diagnostic when building asm-macros [Andrew Cooper]
  • 2b8f72a6b4: xen: Work around Clang-IAS macro \@ expansion bug [Andrew Cooper]
  • 700320a792: x86: perform mem_sharing teardown before paging teardown [Tamas K Lengyel]
  • d1c6934b41: x86/ucode/AMD: apply the patch early on every logical thread [Sergey Dyasli]
  • 366693226c: credit2: respect credit2_runqueue=all when arranging runqueues [Marek Marczykowski-Górecki]
  • 5857cc632b: x86/shskt: Disable CET-SS on parts susceptible to fractured updates [Andrew Cooper]
  • 2094f834b8: x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} [Andrew Cooper]
  • e4b5dff3d0: libs/util: Fix parallel build between flex/bison and CC rules [Anthony PERARD]
  • 0802504627: automation: Remove clang-8 from Debian unstable container [Anthony PERARD]
  • d4e286db89: x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions [Andrew Cooper]
  • 1b6acdeeb2: tools/ocaml/libs: Fix memory/resource leaks with caml_alloc_custom() [Andrew Cooper]
  • 1fdff77e26: tools/ocaml/xc: Don't reference Abstract_Tag objects with the GC lock released [Andrew Cooper]
  • 854013084e: tools/ocaml/xc: Fix binding for xc_domain_assign_device() [Edwin Török]
  • e18faeb91e: tools/ocaml/evtchn: Don't reference Custom objects with the GC lock released [Edwin Török]
  • 6d66fb984c: tools/ocaml/libs: Allocate the correct amount of memory for Abstract_tag [Andrew Cooper]
  • 552e5f28d4: tools/ocaml/libs: Don't declare stubs as taking void [Edwin Török]
  • fd1c70442d: tools/oxenstored: validate config file before live update [Edwin Török]
  • f7c4fab9b5: tools/ocaml/xb: Drop Xs_ring.write [Edwin Török]
  • 049d16c8ce: tools/ocaml/xb,mmap: Use Data_abstract_val wrapper [Edwin Török]
  • 8c66a2d88a: tools/ocaml/xenctrl: Use larger chunksize in domain_getinfolist [Edwin Török]
  • c6a3d14df0: tools/ocaml/xenctrl: Make domain_getinfolist tail recursive [Edwin Török]
  • 6e081438bf: libxl: fix guest kexec – skip cpuid policy [Jason Andryuk]
  • 0fd9ad2b9c: ns16550: fix an incorrect assignment to uart->io_size [Ayan Kumar Halder]
  • 1550835b38: x86/shadow: fix PAE check for top-level table unshadowing [Jan Beulich]
  • 9f425039ca: x86/vmx: Support for CPUs without model-specific LBR [Andrew Cooper]
  • 401e9e33a0: x86/vmx: Calculate model-specific LBRs once at start of day [Andrew Cooper]
  • 998c03b2ab: tools: Fix build with recent QEMU, use "–enable-trace-backends" [Anthony PERARD]
  • 7b1b9849e8: x86/S3: Restore Xen's MSR_PAT value on S3 resume [Andrew Cooper]
  • 65bf12135f: x86/time: prevent overflow with high frequency TSCs [Neowutran]
  • f2edbd79f5: ioreq_broadcast(): accept partial broadcast success [Per Bilse]
  • e3396cd8be: update Xen version to 4.16.4-pre [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.16.3 and qemu-xen-4.16.4).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-425 N/A (Version not vulnerable) N/A N/A
XSA-426 Applied N/A N/A
XSA-427 Applied N/A N/A
XSA-428 Applied N/A N/A
XSA-429 Applied N/A N/A
XSA-430 N/A (Version not vulnerable) N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.16 stable series to update to this latest point release.