All of our systems have been patched to address the following XSAs made public Tuesday, all of which are privilege escalation vulnerabilities:
- XSA-231 Missing NUMA node parameter verification,
- XSA-232 Missing check for grant table,
- XSA-234 insufficient grant unmapping checks for x86 PV guests,
In June, when we patched XSA 216-225, we deployed LivePatch support. While it was not possible to use LivePatch in our August maintenance window, we were able to LivePatch these XSAs, which let us avoid rebooting most of our machines. Unfortunately, we did reboot one server due to live patching bug in Xen. That bug has now been fixed. We’ll have a separate follow-up post with details on that bug.