Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2025-27465: Fixed incorrect stubs exception handling for flags recovery (XSA-470) (bsc#1244644)
- Fixed more AMD transient execution attacks (XSA-471) (bsc#1246112)
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
xen-4.12.4_62-3.130.1
xen-devel-4.12.4_62-3.130.1
xen-doc-html-4.12.4_62-3.130.1
xen-libs-4.12.4_62-3.130.1
xen-libs-32bit-4.12.4_62-3.130.1
xen-tools-4.12.4_62-3.130.1
xen-tools-domU-4.12.4_62-3.130.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
xen-4.12.4_62-3.130.1
xen-devel-4.12.4_62-3.130.1
xen-doc-html-4.12.4_62-3.130.1
xen-libs-4.12.4_62-3.130.1
xen-libs-32bit-4.12.4_62-3.130.1
xen-tools-4.12.4_62-3.130.1
xen-tools-domU-4.12.4_62-3.130.1
Ссылки
- Link for SUSE-SU-2025:02471-1
- E-Mail link for SUSE-SU-2025:02471-1
- SUSE Security Ratings
- SUSE Bug 1244644
- SUSE Bug 1246112
- SUSE CVE CVE-2025-27465 page
Описание
Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up and recover the changes to the arithmetic flags. For replayed instructions where the flags recovery logic is used, the metadata for exception handling was incorrect, preventing Xen from handling the the exception gracefully, treating it as fatal instead.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:xen-4.12.4_62-3.130.1
SUSE Linux Enterprise Server 12 SP5-LTSS:xen-devel-4.12.4_62-3.130.1
SUSE Linux Enterprise Server 12 SP5-LTSS:xen-doc-html-4.12.4_62-3.130.1
SUSE Linux Enterprise Server 12 SP5-LTSS:xen-libs-32bit-4.12.4_62-3.130.1
Ссылки
- CVE-2025-27465
- SUSE Bug 1244644