Description
Security update for xen
This update for xen fixes the following issues:
- CVE-2024-53241: Xen hypercall page unsafe against speculative attacks (bsc#1234282).
Bug fixes:
- Update to Xen 4.18.4 security bug fix release (bsc#1027519)
- x86: Prefer ACPI reboot over UEFI ResetSystem() run time service call
- No other changes mentioned in upstream changelog, sources, or webpage
Package list
Image SLES15-SP6
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-Azure-Basic
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-Azure-Standard
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-BYOS
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-BYOS-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-BYOS-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-BYOS-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-CHOST-BYOS
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-CHOST-BYOS-Aliyun
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-CHOST-BYOS-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-CHOST-BYOS-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-CHOST-BYOS-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-CHOST-BYOS-GDC
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-EC2-ECS-HVM
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC-BYOS
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC-BYOS-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC-BYOS-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC-BYOS-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-HPC-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-Hardened-BYOS
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-Hardened-BYOS-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-Hardened-BYOS-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-Hardened-BYOS-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-BYOS
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-BYOS-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-BYOS-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-BYOS-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened-BYOS
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAP-Hardened-GCE
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAPCAL
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAPCAL-Azure
xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAPCAL-EC2
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
Image SLES15-SP6-SAPCAL-GCE
xen-libs-4.18.4_02-150600.3.15.2
SUSE Linux Enterprise Module for Basesystem 15 SP6
xen-libs-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
SUSE Linux Enterprise Module for Server Applications 15 SP6
xen-4.18.4_02-150600.3.15.2
xen-devel-4.18.4_02-150600.3.15.2
xen-tools-4.18.4_02-150600.3.15.2
xen-tools-xendomains-wait-disk-4.18.4_02-150600.3.15.2
openSUSE Leap 15.6
xen-4.18.4_02-150600.3.15.2
xen-devel-4.18.4_02-150600.3.15.2
xen-doc-html-4.18.4_02-150600.3.15.2
xen-libs-4.18.4_02-150600.3.15.2
xen-libs-32bit-4.18.4_02-150600.3.15.2
xen-tools-4.18.4_02-150600.3.15.2
xen-tools-domU-4.18.4_02-150600.3.15.2
xen-tools-xendomains-wait-disk-4.18.4_02-150600.3.15.2
References
- Link for SUSE-SU-2025:0142-1
- E-Mail link for SUSE-SU-2025:0142-1
- SUSE Security Ratings
- SUSE Bug 1027519
- SUSE Bug 1234282
- SUSE CVE CVE-2024-53241 page
Description
In the Linux kernel, the following vulnerability has been resolved:

x86/xen: don't do PV iret hypercall through hypercall page

Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has been shown to cause problems with speculation mitigations.

This is part of XSA-466 / CVE-2024-53241.
Affected products
Image SLES15-SP6-Azure-Basic:xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-Azure-Standard:xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-BYOS-Azure:xen-libs-4.18.4_02-150600.3.15.2
Image SLES15-SP6-BYOS-EC2:xen-libs-4.18.4_02-150600.3.15.2
References
- CVE-2024-53241
- SUSE Bug 1234282