Описание
Security update for xen
This update for xen fixes the following issues:
Security fixes:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
Other fixes:
- Upstream bug fixes (bsc#1027519)
Список пакетов
Image SLES15-SP4-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-CHOST-BYOS
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-CHOST-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-CHOST-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-CHOST-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-HPC-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-HPC-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-HPC-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-HPC-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-HPC-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-HPC-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Hardened-BYOS
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Hardened-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Hardened-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Hardened-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-3
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-3-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-3-EC2
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-4
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-4-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-4-EC2
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-Micro-5-4-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-BYOS
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Hardened
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Hardened-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Hardened-BYOS
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAP-Hardened-GCE
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAPCAL
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAPCAL-Azure
xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAPCAL-EC2
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-SAPCAL-GCE
xen-libs-4.16.7_02-150400.4.72.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
xen-4.16.7_02-150400.4.72.1
xen-devel-4.16.7_02-150400.4.72.1
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
xen-tools-xendomains-wait-disk-4.16.7_02-150400.4.72.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
xen-4.16.7_02-150400.4.72.1
xen-devel-4.16.7_02-150400.4.72.1
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
xen-tools-xendomains-wait-disk-4.16.7_02-150400.4.72.1
SUSE Linux Enterprise Micro 5.3
xen-libs-4.16.7_02-150400.4.72.1
SUSE Linux Enterprise Micro 5.4
xen-libs-4.16.7_02-150400.4.72.1
SUSE Linux Enterprise Server 15 SP4-LTSS
xen-4.16.7_02-150400.4.72.1
xen-devel-4.16.7_02-150400.4.72.1
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
xen-tools-xendomains-wait-disk-4.16.7_02-150400.4.72.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
xen-4.16.7_02-150400.4.72.1
xen-devel-4.16.7_02-150400.4.72.1
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
xen-tools-xendomains-wait-disk-4.16.7_02-150400.4.72.1
SUSE Manager Proxy 4.3
xen-4.16.7_02-150400.4.72.1
xen-devel-4.16.7_02-150400.4.72.1
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
xen-tools-xendomains-wait-disk-4.16.7_02-150400.4.72.1
SUSE Manager Server 4.3
xen-4.16.7_02-150400.4.72.1
xen-devel-4.16.7_02-150400.4.72.1
xen-libs-4.16.7_02-150400.4.72.1
xen-tools-4.16.7_02-150400.4.72.1
xen-tools-domU-4.16.7_02-150400.4.72.1
xen-tools-xendomains-wait-disk-4.16.7_02-150400.4.72.1
Ссылки
- Link for SUSE-SU-2025:02326-1
- E-Mail link for SUSE-SU-2025:02326-1
- SUSE Security Ratings
- SUSE Bug 1027519
- SUSE Bug 1234282
- SUSE Bug 1238043
- SUSE Bug 1238896
- SUSE Bug 1243117
- SUSE Bug 1244644
- SUSE Bug 1246112
- SUSE CVE CVE-2024-28956 page
- SUSE CVE CVE-2024-36350 page
- SUSE CVE CVE-2024-36357 page
- SUSE CVE CVE-2024-53241 page
- SUSE CVE CVE-2025-1713 page
- SUSE CVE CVE-2025-27465 page
Описание
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.7_02-150400.4.72.1
Ссылки
- CVE-2024-28956
- SUSE Bug 1242006
- SUSE Bug 1243123
Описание
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.7_02-150400.4.72.1
Ссылки
- CVE-2024-36350
- SUSE Bug 1238896
Описание
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.7_02-150400.4.72.1
Ссылки
- CVE-2024-36357
- SUSE Bug 1238896
Описание
In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.7_02-150400.4.72.1
Ссылки
- CVE-2024-53241
- SUSE Bug 1234282
Описание
When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.7_02-150400.4.72.1
Ссылки
- CVE-2025-1713
- SUSE Bug 1238043
Описание
Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up and recover the changes to the arithmetic flags. For replayed instructions where the flags recovery logic is used, the metadata for exception handling was incorrect, preventing Xen from handling the the exception gracefully, treating it as fatal instead.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-libs-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-EC2:xen-tools-domU-4.16.7_02-150400.4.72.1
Image SLES15-SP4-BYOS-GCE:xen-libs-4.16.7_02-150400.4.72.1
Ссылки
- CVE-2025-27465
- SUSE Bug 1244644