Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (XSA-452, bsc#1221332)
- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (XSA-453, bsc#1221334)
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
Ссылки
- Link for SUSE-SU-2024:2535-1
- E-Mail link for SUSE-SU-2024:2535-1
- SUSE Security Ratings
- SUSE Bug 1214083
- SUSE Bug 1221332
- SUSE Bug 1221334
- SUSE Bug 1221984
- SUSE Bug 1222302
- SUSE Bug 1222453
- SUSE Bug 1227355
- SUSE CVE CVE-2023-28746 page
- SUSE CVE CVE-2023-46842 page
- SUSE CVE CVE-2024-2193 page
- SUSE CVE CVE-2024-2201 page
- SUSE CVE CVE-2024-31142 page
- SUSE CVE CVE-2024-31143 page
Описание
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2023-28746
- SUSE Bug 1213456
- SUSE Bug 1221323
Описание
Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.
Затронутые продукты
Ссылки
- CVE-2023-46842
- SUSE Bug 1221984
Описание
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Затронутые продукты
Ссылки
- CVE-2024-2193
- SUSE Bug 1217857
Описание
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
Затронутые продукты
Ссылки
- CVE-2024-2201
- SUSE Bug 1212111
- SUSE Bug 1217339
Описание
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html
Затронутые продукты
Ссылки
- CVE-2024-31142
- SUSE Bug 1222302
Описание
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
Затронутые продукты
Ссылки
- CVE-2024-31143
- SUSE Bug 1227355