xen-4.17.0_02-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12561-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xen-4.17.0_02-1.1 on GA media These are all security issues fixed in the xen-4.17.0_02-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12561 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-33746/ SUSE CVE CVE-2022-33746 page https://www.suse.com/security/cve/CVE-2022-33748/ SUSE CVE CVE-2022-33748 page openSUSE Tumbleweed xen-4.17.0_02-1.1 xen-devel-4.17.0_02-1.1 xen-doc-html-4.17.0_02-1.1 xen-libs-4.17.0_02-1.1 xen-libs-32bit-4.17.0_02-1.1 xen-tools-4.17.0_02-1.1 xen-tools-domU-4.17.0_02-1.1 xen-tools-xendomains-wait-disk-4.17.0_02-1.1 xen-4.17.0_02-1.1 as a component of openSUSE Tumbleweed xen-devel-4.17.0_02-1.1 as a component of openSUSE Tumbleweed xen-doc-html-4.17.0_02-1.1 as a component of openSUSE Tumbleweed xen-libs-4.17.0_02-1.1 as a component of openSUSE Tumbleweed xen-libs-32bit-4.17.0_02-1.1 as a component of openSUSE Tumbleweed xen-tools-4.17.0_02-1.1 as a component of openSUSE Tumbleweed xen-tools-domU-4.17.0_02-1.1 as a component of openSUSE Tumbleweed xen-tools-xendomains-wait-disk-4.17.0_02-1.1 as a component of openSUSE Tumbleweed P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. CVE-2022-33746 openSUSE Tumbleweed:xen-4.17.0_02-1.1 openSUSE Tumbleweed:xen-devel-4.17.0_02-1.1 openSUSE Tumbleweed:xen-doc-html-4.17.0_02-1.1 openSUSE Tumbleweed:xen-libs-32bit-4.17.0_02-1.1 openSUSE Tumbleweed:xen-libs-4.17.0_02-1.1 openSUSE Tumbleweed:xen-tools-4.17.0_02-1.1 openSUSE Tumbleweed:xen-tools-domU-4.17.0_02-1.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.17.0_02-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-33746.html CVE-2022-33746 https://bugzilla.suse.com/1203806 SUSE Bug 1203806 lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. CVE-2022-33748 openSUSE Tumbleweed:xen-4.17.0_02-1.1 openSUSE Tumbleweed:xen-devel-4.17.0_02-1.1 openSUSE Tumbleweed:xen-doc-html-4.17.0_02-1.1 openSUSE Tumbleweed:xen-libs-32bit-4.17.0_02-1.1 openSUSE Tumbleweed:xen-libs-4.17.0_02-1.1 openSUSE Tumbleweed:xen-tools-4.17.0_02-1.1 openSUSE Tumbleweed:xen-tools-domU-4.17.0_02-1.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.17.0_02-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-33748.html CVE-2022-33748 https://bugzilla.suse.com/1203807 SUSE Bug 1203807