Xen Project 4.5.3

We are pleased to announce the release of Xen 4.5.3. This is available immediately from its git repository (branch stable-4.5, tag RELEASE-4.5.3) or from this download page.
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 619ea5d: update Xen version to 4.5.3 [Jan Beulich]

  • 3f802a5: vmx: restore debug registers when injecting #DB traps [Ross Lagerwall]
  • a8f23b3: x86: don’t flush the whole cache when changing cachability [David Vrabel]
  • 1fac32b: libvchan: Read prod/cons only once. [Konrad Rzeszutek Wilk]
  • d165c49: x86emul: limit-check branch targets [Jan Beulich]
  • 9ab5f84: x86/hvm: print register state upon triple fault [Andrew Cooper]
  • 4368db0: x86emul: fix rIP handling [Jan Beulich]
  • a48c1d3: xen/arm: vgic-v2: Implement correctly ITARGETSR0 – ITARGETSR7 read-only [Julien Grall]
  • 86060f8: xen/arm: vgic-v2: Report the correct GICC size to the guest [Julien Grall]
  • 812406c: tools: pygrub: if partition table is empty, try treating as a whole disk [Ian Campbell]
  • fe71162: x86: fix unintended fallthrough case from XSA-154 [Andrew Cooper]
  • d4e0fcb: xen/arm64: Make sure we get all debug output [Dirk Behme]
  • 820311c: hvmloader: fix scratch_alloc to avoid overlaps [Anthony PERARD]
  • 1d69621: x86/nHVM: avoid NULL deref during INVLPG intercept handling [Jan Beulich]
  • 836dc18: credit: recalculate per-cpupool credits when updating timeslice [Juergen Gross]
  • 3fa5fb5: credit: update timeslice under lock [Juergen Gross]
  • 0baa073: x86/vmx: don’t clobber exception_bitmap when entering/leaving emulated real mode [Andrew Cooper]
  • a7f6bcb: x86/mce: fix misleading indentation in init_nonfatal_mce_checker() [Ian Campbell]
  • 677eb6e: x86: fix (and simplify) MTRR overlap checking [Jan Beulich]
  • e7fa1af: x86/mmuext: tighten TLB flush address checks [Jan Beulich]
  • 30b0e11: x86/VMX: sanitize rIP before re-entering guest [Jan Beulich]
  • 96b4955: x86: enforce consistent cachability of MMIO mappings [Jan Beulich]
  • 7afddd3: docs: correct descriptions of gnttab_max_{, maptrack}_frames [Ian Campbell]
  • 5a1acb6: x86/vmx: Fix injection of #DB traps following XSA-156 [Andrew Cooper]
  • 934e86f: x86/VMX: prevent INVVPID failure due to non-canonical guest address [Jan Beulich]
  • 642943d: x86/mm: PV superpage handling lacks sanity checks [Jan Beulich]
  • a34fbcf: tools/ocaml/xb: Correct calculations of data/space the ring [Andrew Cooper]
  • d603cb9: oxenstored: Quota.merge: don’t assume domain already exists [Jonathan Davies]
  • ee576d7: update OVMF changeset [Wei Liu]
  • 845e8c1: blktap: Fix two ‘maybe uninitialized’ variables [Dario Faggioli]
  • 7b2ce45: QEMU_TAG update [Ian Jackson]
  • 172797e: QEMU_TAG update [Ian Jackson]
  • 880c29f: x86/HVM: avoid reading ioreq state more than once [Jan Beulich]
  • b45e534: x86: don’t leak ST(n)/XMMn values to domains first using them [Jan Beulich]
  • 4c11414: x86/time: fix domain type check in tsc_set_info() [Haozhong Zhang]
  • d11d0df: VT-d: drop unneeded Ivybridge quirk workaround [Jan Beulich]
  • 74b7f46: evtchn: don’t reuse ports that are still “busy” [David Vrabel]
  • 4c8859e: x86/ept: remove unnecessary sync after resolving misconfigured entries [David Vrabel]
  • 7c56b09: x86/boot: check for not allowed sections before linking [Daniel Kiper]
  • fea50c0: x86/vPMU: document as unsupported [Jan Beulich]
  • 413d59f: sched: fix locking for insert_vcpu() in credit1 and RTDS [Dario Faggioli]
  • ec70614: VMX: fix/adjust trap injection [Jan Beulich]
  • f44b542: x86/HVM: don’t inject #DB with error code [Jan Beulich]
  • 96aaf7e: x86/vmx: improvements to vmentry failure handling [Andrew Cooper]
  • 92bea0a: x86/PoD: Make p2m_pod_empty_cache() restartable [Andrew Cooper]
  • a84cecd: memory: fix XSA-158 fix [Jan Beulich]
  • b248662: QEMU_TAG update [Ian Jackson]
  • 42f4d98: libxl: Fix bootloader-related virtual memory leak on pv build failure [Ian Jackson]
  • 746534f: memory: fix XENMEM_exchange error handling [Jan Beulich]
  • e0d4509: memory: split and tighten maximum order permitted in memops [Jan Beulich]
  • 0cabed0: Config: Switch to unified qemu trees. [Ian Campbell]
  • f299bd4: update Xen version to 4.5.3-pre [Jan Beulich]
  • 6d8233d: x86/HVM: always intercept #AC and #DB [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • f5bf3ed: MSI-X: avoid array overrun upon MSI-X table writes [Jan Beulich]
  • f9eb995: blkif: Avoid double access to src->nr_segments [Stefano Stabellini]
  • 12cbf57: xenfb: avoid reading twice the same fields from the shared page [Stefano Stabellini]
  • 3159615: net: pcnet: add check to validate receive data size(CVE-2015-7504) [Ian Jackson]

This release also contains changes to qemu-upstream, whose changelog we do not list here as it contains many changes that are not directly related to the Xen Project Hypervisor and thus this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.5.2 and qemu-xen-4.5.3).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA | Xen | qemu-traditional | qemu-upstream
XSA-157 | N/A (XSA applies to Linux only)
XSA-161 | N/A (XSA withdrawn)
XSA-164 | N/A | Applied | N/A (applies to qemu-traditional only)
XSA-169 | N/A (XSA applies to Xen 4.6 only)

For details, see the Xen Project security advisories.
We recommend all users of the 4.5 stable series to update to this latest point release.