Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)
Список пакетов
Image SLES15-SP4
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Azure-Basic
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Azure-Standard
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-CHOST-BYOS
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-CHOST-BYOS-Aliyun
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-CHOST-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-CHOST-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-CHOST-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-EC2-ECS-HVM
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC-BYOS
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-HPC-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Hardened-BYOS
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Hardened-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Hardened-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Hardened-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-BYOS
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3-BYOS
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-3-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4-BYOS
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Micro-5-4-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Azure-LI-BYOS
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Azure-VLI-BYOS
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-BYOS
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened-BYOS
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAP-Hardened-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAPCAL
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAPCAL-Azure
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAPCAL-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SAPCAL-GCE
xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2-HVM
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
SUSE Linux Enterprise Module for Basesystem 15 SP4
xen-libs-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
SUSE Linux Enterprise Module for Server Applications 15 SP4
xen-4.16.1_04-150400.4.5.2
xen-devel-4.16.1_04-150400.4.5.2
xen-tools-4.16.1_04-150400.4.5.2
xen-tools-xendomains-wait-disk-4.16.1_04-150400.4.5.2
openSUSE Leap 15.4
xen-4.16.1_04-150400.4.5.2
xen-devel-4.16.1_04-150400.4.5.2
xen-doc-html-4.16.1_04-150400.4.5.2
xen-libs-4.16.1_04-150400.4.5.2
xen-libs-32bit-4.16.1_04-150400.4.5.2
xen-tools-4.16.1_04-150400.4.5.2
xen-tools-domU-4.16.1_04-150400.4.5.2
xen-tools-xendomains-wait-disk-4.16.1_04-150400.4.5.2
Ссылки
- Link for SUSE-SU-2022:2296-1
- E-Mail link for SUSE-SU-2022:2296-1
- SUSE Security Ratings
- SUSE Bug 1027519
- SUSE Bug 1199965
- SUSE Bug 1199966
- SUSE CVE CVE-2022-26362 page
- SUSE CVE CVE-2022-26363 page
- SUSE CVE CVE-2022-26364 page
Описание
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.
Затронутые продукты
Image SLES15-SP4-Azure-Basic:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Azure-Standard:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.1_04-150400.4.5.2
Ссылки
- CVE-2022-26362
- SUSE Bug 1199965
Описание
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.
Затронутые продукты
Image SLES15-SP4-Azure-Basic:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Azure-Standard:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.1_04-150400.4.5.2
Ссылки
- CVE-2022-26363
- SUSE Bug 1199966
Описание
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.
Затронутые продукты
Image SLES15-SP4-Azure-Basic:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-Azure-Standard:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.1_04-150400.4.5.2
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.1_04-150400.4.5.2
Ссылки
- CVE-2022-26364
- SUSE Bug 1199966