Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)
- CVE-2026-23555: xen: Xenstored DoS by unprivileged domain (bsc#1259248, XSA-481)
Список пакетов
Image SLES15-SP7-SAP-Azure-LI-BYOS-Production
Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Module for Basesystem 15 SP7
SUSE Linux Enterprise Module for Server Applications 15 SP7
Ссылки
- Link for SUSE-SU-2026:1093-1
- E-Mail link for SUSE-SU-2026:1093-1
- SUSE Security Ratings
- SUSE Bug 1259247
- SUSE Bug 1259248
- SUSE CVE CVE-2026-23554 page
- SUSE CVE CVE-2026-23555 page
Описание
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.
Затронутые продукты
Ссылки
- CVE-2026-23554
- SUSE Bug 1259247
Описание
Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.
Затронутые продукты
Ссылки
- CVE-2026-23555
- SUSE Bug 1259248