SUSE-SU-2023:4945-1

Published: 21 Dec 2023
Source: suse-cvrf

Description

Security update for xen

This update for xen fixes the following issues:

  • CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective (bsc#1216807).
  • CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD (bsc#1216654).

Update to Xen 4.17.3 bug fix release (bsc#1027519).

Package list

Image SLES15-SP5-Azure-3P
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Azure-Basic
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Azure-Standard
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-CHOST-BYOS-Aliyun
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-CHOST-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-CHOST-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-CHOST-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-CHOST-BYOS-GDC
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-HPC-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-HPC-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-HPC-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-HPC-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Hardened-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Hardened-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Hardened-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5-BYOS
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Micro-5-5-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Azure-3P
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Hardened-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAP-Hardened-GCE
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAPCAL-Azure
xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAPCAL-EC2
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
Image SLES15-SP5-SAPCAL-GCE
xen-libs-4.17.3_02-150500.3.18.1
SUSE Linux Enterprise Micro 5.5
xen-libs-4.17.3_02-150500.3.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
xen-libs-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
xen-4.17.3_02-150500.3.18.1
xen-devel-4.17.3_02-150500.3.18.1
xen-tools-4.17.3_02-150500.3.18.1
xen-tools-xendomains-wait-disk-4.17.3_02-150500.3.18.1
openSUSE Leap 15.5
xen-4.17.3_02-150500.3.18.1
xen-devel-4.17.3_02-150500.3.18.1
xen-doc-html-4.17.3_02-150500.3.18.1
xen-libs-4.17.3_02-150500.3.18.1
xen-libs-32bit-4.17.3_02-150500.3.18.1
xen-tools-4.17.3_02-150500.3.18.1
xen-tools-domU-4.17.3_02-150500.3.18.1
xen-tools-xendomains-wait-disk-4.17.3_02-150500.3.18.1

Description

The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However, dom_io, being a PV domain, gets its AMD-Vi IOMMU page table levels based on the maximum (hot-pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary, amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use only 3 levels. As a result, the last page table directory (PDE) effectively becomes a page table entry (PTE), and a device in quarantine mode gains write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignments, possibly leading to data leaks.


Affected products
Image SLES15-SP5-Azure-3P:xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Azure-Basic:xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Azure-Standard:xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-BYOS-Azure:xen-libs-4.17.3_02-150500.3.18.1

References

Description

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen.


Affected products
Image SLES15-SP5-Azure-3P:xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Azure-Basic:xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-Azure-Standard:xen-libs-4.17.3_02-150500.3.18.1
Image SLES15-SP5-BYOS-Azure:xen-libs-4.17.3_02-150500.3.18.1

References
Vulnerability SUSE-SU-2023:4945-1