Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984).
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).
Список пакетов
Image SLES15-SP6
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Azure-Basic
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Azure-Standard
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-GDC
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-EC2-ECS-HVM
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC-BYOS
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC-BYOS-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC-BYOS-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC-BYOS-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-HPC-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-BYOS
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-BYOS-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-BYOS-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-BYOS-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-GCE
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAPCAL
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAPCAL-Azure
xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAPCAL-EC2
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
Image SLES15-SP6-SAPCAL-GCE
xen-libs-4.18.2_06-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
xen-libs-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
xen-4.18.2_06-150600.3.3.1
xen-devel-4.18.2_06-150600.3.3.1
xen-tools-4.18.2_06-150600.3.3.1
xen-tools-xendomains-wait-disk-4.18.2_06-150600.3.3.1
openSUSE Leap 15.6
xen-4.18.2_06-150600.3.3.1
xen-devel-4.18.2_06-150600.3.3.1
xen-doc-html-4.18.2_06-150600.3.3.1
xen-libs-4.18.2_06-150600.3.3.1
xen-libs-32bit-4.18.2_06-150600.3.3.1
xen-tools-4.18.2_06-150600.3.3.1
xen-tools-domU-4.18.2_06-150600.3.3.1
xen-tools-xendomains-wait-disk-4.18.2_06-150600.3.3.1
Ссылки
- Link for SUSE-SU-2024:2531-1
- E-Mail link for SUSE-SU-2024:2531-1
- SUSE Security Ratings
- SUSE Bug 1027519
- SUSE Bug 1214718
- SUSE Bug 1221984
- SUSE Bug 1225953
- SUSE Bug 1227355
- SUSE CVE CVE-2023-46842 page
- SUSE CVE CVE-2024-31143 page
Описание
Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.
Затронутые продукты
Image SLES15-SP6-Azure-Basic:xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Azure-Standard:xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS-Azure:xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS-EC2:xen-libs-4.18.2_06-150600.3.3.1
Ссылки
- CVE-2023-46842
- SUSE Bug 1221984
Описание
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
Затронутые продукты
Image SLES15-SP6-Azure-Basic:xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-Azure-Standard:xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS-Azure:xen-libs-4.18.2_06-150600.3.3.1
Image SLES15-SP6-BYOS-EC2:xen-libs-4.18.2_06-150600.3.3.1
Ссылки
- CVE-2024-31143
- SUSE Bug 1227355