Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0328-1

Опубликовано: 28 янв. 2026
Источник: suse-cvrf

Описание

Security update for xen

This update for xen fixes the following issues:

Security fixes:

  • CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745)
  • CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747)
  • CVE-2025-58149: Fixed incorrect removal od permissions on PCI device unplug allow PV guests to access memory of devices no longer assigned to it (XSA-476) (bsc#1252692)

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
xen-4.12.4_64-3.137.1
xen-devel-4.12.4_64-3.137.1
xen-doc-html-4.12.4_64-3.137.1
xen-libs-4.12.4_64-3.137.1
xen-libs-32bit-4.12.4_64-3.137.1
xen-tools-4.12.4_64-3.137.1
xen-tools-domU-4.12.4_64-3.137.1

Ссылки

Описание

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allows the domain itself to map the memory in the page-tables. For HVM it would require a compromised device model or stubdomain to map the leaked memory into the HVM domain p2m.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-devel-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-doc-html-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-libs-32bit-4.12.4_64-3.137.1
Ссылки

Описание

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-devel-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-doc-html-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-libs-32bit-4.12.4_64-3.137.1
Ссылки

Описание

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 is running on CPU A with task 1's training still in the BTB.

Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-devel-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-doc-html-4.12.4_64-3.137.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xen-libs-32bit-4.12.4_64-3.137.1
Ссылки