SUSE-SU-2024:1541-1

Published: 07 May 2024
Source: suse-cvrf

Description

Security update for xen

This update for xen fixes the following issues:

  • CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
  • CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
  • CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)
  • Upstream bug fixes (bsc#1027519)

Package list

Image SLES12-SP5-EC2-BYOS
  • xen-libs-4.12.4_48-3.109.1
  • xen-tools-domU-4.12.4_48-3.109.1

Image SLES12-SP5-EC2-ECS-On-Demand
  • xen-libs-4.12.4_48-3.109.1
  • xen-tools-domU-4.12.4_48-3.109.1

Image SLES12-SP5-EC2-On-Demand
  • xen-libs-4.12.4_48-3.109.1
  • xen-tools-domU-4.12.4_48-3.109.1

Image SLES12-SP5-EC2-SAP-BYOS
  • xen-libs-4.12.4_48-3.109.1
  • xen-tools-domU-4.12.4_48-3.109.1

Image SLES12-SP5-EC2-SAP-On-Demand
  • xen-libs-4.12.4_48-3.109.1
  • xen-tools-domU-4.12.4_48-3.109.1

SUSE Linux Enterprise Server 12 SP5
  • xen-4.12.4_48-3.109.1
  • xen-doc-html-4.12.4_48-3.109.1
  • xen-libs-4.12.4_48-3.109.1
  • xen-libs-32bit-4.12.4_48-3.109.1
  • xen-tools-4.12.4_48-3.109.1
  • xen-tools-domU-4.12.4_48-3.109.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • xen-4.12.4_48-3.109.1
  • xen-doc-html-4.12.4_48-3.109.1
  • xen-libs-4.12.4_48-3.109.1
  • xen-libs-32bit-4.12.4_48-3.109.1
  • xen-tools-4.12.4_48-3.109.1
  • xen-tools-domU-4.12.4_48-3.109.1

SUSE Linux Enterprise Software Development Kit 12 SP5
  • xen-devel-4.12.4_48-3.109.1

Description

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.


Affected products
Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_48-3.109.1


Description

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.


Affected products
Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_48-3.109.1


Description

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see https://xenbits.xen.org/xsa/advisory-407.html and https://xenbits.xen.org/xsa/advisory-434.html


Affected products
Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_48-3.109.1
Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_48-3.109.1

References
Vulnerability SUSE-SU-2024:1541-1