Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:03172-1

Опубликовано: 11 сент. 2025
Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

Security issues fixed:

  • CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807).
  • CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807).
  • CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807).

Other issues fixed:

  • efi: Call FreePages() only if needed (bsc#1027519).
  • x86/hpet: do local APIC EOI after interrupt processing (bsc#1027519).
  • x86/hvm/ioreq: Fix condition in hvm_alloc_legacy_ioreq_gfn() (bsc#1027519).
  • x86/idle: Fix the C6 eoi_errata[] list to include NEHALEM_EX (bsc#1027519).
  • x86/iommu: setup MMCFG ahead of IOMMU (bsc#1027519).
  • x86/mce: Adjustments to intel_init_ppin() (bsc#1027519).
  • x86/mkelf32: pad load segment to 2Mb boundary (bsc#1027519).

Список пакетов

Image SLES15-SP7-Azure-3P
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Basic
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Standard
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-BYOS-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-BYOS-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-BYOS-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-CHOST-BYOS-Aliyun
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-CHOST-BYOS-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-CHOST-BYOS-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-CHOST-BYOS-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-CHOST-BYOS-GDC
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-CHOST-BYOS-SAP-CCloud
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-EC2-ECS-HVM
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-GCE-3P
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-HPC-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-HPC-BYOS-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-HPC-BYOS-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-HPC-BYOS-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Hardened-BYOS-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Hardened-BYOS-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Hardened-BYOS-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Azure-3P
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Azure-LI-BYOS-Production
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-BYOS-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-BYOS-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-BYOS-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-GCE-3P
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Hardened-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Hardened-BYOS-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Hardened-BYOS-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Hardened-BYOS-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAP-Hardened-GCE
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAPCAL-Azure
xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAPCAL-EC2
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
Image SLES15-SP7-SAPCAL-GCE
xen-libs-4.20.1_04-150700.3.11.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
xen-libs-4.20.1_04-150700.3.11.1
xen-tools-domU-4.20.1_04-150700.3.11.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
xen-4.20.1_04-150700.3.11.1
xen-devel-4.20.1_04-150700.3.11.1
xen-tools-4.20.1_04-150700.3.11.1
xen-tools-xendomains-wait-disk-4.20.1_04-150700.3.11.1

Ссылки

Описание

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.

Затронутые продукты
Image SLES15-SP7-Azure-3P:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Basic:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Standard:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-BYOS-Azure:xen-libs-4.20.1_04-150700.3.11.1
Ссылки

Описание

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.

Затронутые продукты
Image SLES15-SP7-Azure-3P:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Basic:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Standard:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-BYOS-Azure:xen-libs-4.20.1_04-150700.3.11.1
Ссылки

Описание

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.

Затронутые продукты
Image SLES15-SP7-Azure-3P:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Basic:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-Azure-Standard:xen-libs-4.20.1_04-150700.3.11.1
Image SLES15-SP7-BYOS-Azure:xen-libs-4.20.1_04-150700.3.11.1
Ссылки