xen-4.16.1_02-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12219-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xen-4.16.1_02-3.1 on GA media These are all security issues fixed in the xen-4.16.1_02-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12219 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-21123/ SUSE CVE CVE-2022-21123 page https://www.suse.com/security/cve/CVE-2022-23816/ SUSE CVE CVE-2022-23816 page https://www.suse.com/security/cve/CVE-2022-26362/ SUSE CVE CVE-2022-26362 page https://www.suse.com/security/cve/CVE-2022-26363/ SUSE CVE CVE-2022-26363 page https://www.suse.com/security/cve/CVE-2022-33745/ SUSE CVE CVE-2022-33745 page openSUSE Tumbleweed xen-4.16.1_02-3.1 xen-devel-4.16.1_02-3.1 xen-doc-html-4.16.1_02-3.1 xen-libs-4.16.1_02-3.1 xen-libs-32bit-4.16.1_06-1.1 xen-tools-4.16.1_02-3.1 xen-tools-domU-4.16.1_02-3.1 xen-tools-xendomains-wait-disk-4.16.1_02-3.1 xen-4.16.1_02-3.1 as a component of openSUSE Tumbleweed xen-devel-4.16.1_02-3.1 as a component of openSUSE Tumbleweed xen-doc-html-4.16.1_02-3.1 as a component of openSUSE Tumbleweed xen-libs-4.16.1_02-3.1 as a component of openSUSE Tumbleweed xen-libs-32bit-4.16.1_06-1.1 as a component of openSUSE Tumbleweed xen-tools-4.16.1_02-3.1 as a component of openSUSE Tumbleweed xen-tools-domU-4.16.1_02-3.1 as a component of openSUSE Tumbleweed xen-tools-xendomains-wait-disk-4.16.1_02-3.1 as a component of openSUSE Tumbleweed Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21123 openSUSE Tumbleweed:xen-4.16.1_02-3.1 openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1 openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1 openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1 openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-21123.html CVE-2022-21123 https://bugzilla.suse.com/1199650 SUSE Bug 1199650 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1209075 SUSE Bug 1209075 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE-2022-23816 openSUSE Tumbleweed:xen-4.16.1_02-3.1 openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1 openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1 openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1 openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23816.html CVE-2022-23816 https://bugzilla.suse.com/1201456 SUSE Bug 1201456 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. CVE-2022-26362 openSUSE Tumbleweed:xen-4.16.1_02-3.1 openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1 openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1 openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1 openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-26362.html CVE-2022-26362 https://bugzilla.suse.com/1199965 SUSE Bug 1199965 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. CVE-2022-26363 openSUSE Tumbleweed:xen-4.16.1_02-3.1 openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1 openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1 openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1 openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-26363.html CVE-2022-26363 https://bugzilla.suse.com/1199966 SUSE Bug 1199966 insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. CVE-2022-33745 openSUSE Tumbleweed:xen-4.16.1_02-3.1 openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1 openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1 openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1 openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-33745.html CVE-2022-33745 https://bugzilla.suse.com/1201394 SUSE Bug 1201394