xen-4.17.2_04-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13257-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xen-4.17.2_04-1.1 on GA media These are all security issues fixed in the xen-4.17.2_04-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13257 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-20588/ SUSE CVE CVE-2023-20588 page https://www.suse.com/security/cve/CVE-2023-34322/ SUSE CVE CVE-2023-34322 page openSUSE Tumbleweed xen-4.17.2_04-1.1 xen-devel-4.17.2_04-1.1 xen-doc-html-4.17.2_04-1.1 xen-libs-4.17.2_04-1.1 xen-tools-4.17.2_04-1.1 xen-tools-domU-4.17.2_04-1.1 xen-tools-xendomains-wait-disk-4.17.2_04-1.1 xen-4.17.2_04-1.1 as a component of openSUSE Tumbleweed xen-devel-4.17.2_04-1.1 as a component of openSUSE Tumbleweed xen-doc-html-4.17.2_04-1.1 as a component of openSUSE Tumbleweed xen-libs-4.17.2_04-1.1 as a component of openSUSE Tumbleweed xen-tools-4.17.2_04-1.1 as a component of openSUSE Tumbleweed xen-tools-domU-4.17.2_04-1.1 as a component of openSUSE Tumbleweed xen-tools-xendomains-wait-disk-4.17.2_04-1.1 as a component of openSUSE Tumbleweed A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. CVE-2023-20588 openSUSE Tumbleweed:xen-4.17.2_04-1.1 openSUSE Tumbleweed:xen-devel-4.17.2_04-1.1 openSUSE Tumbleweed:xen-doc-html-4.17.2_04-1.1 openSUSE Tumbleweed:xen-libs-4.17.2_04-1.1 openSUSE Tumbleweed:xen-tools-4.17.2_04-1.1 openSUSE Tumbleweed:xen-tools-domU-4.17.2_04-1.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.17.2_04-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-20588.html CVE-2023-20588 https://bugzilla.suse.com/1213927 SUSE Bug 1213927 For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough. CVE-2023-34322 openSUSE Tumbleweed:xen-4.17.2_04-1.1 openSUSE Tumbleweed:xen-devel-4.17.2_04-1.1 openSUSE Tumbleweed:xen-doc-html-4.17.2_04-1.1 openSUSE Tumbleweed:xen-libs-4.17.2_04-1.1 openSUSE Tumbleweed:xen-tools-4.17.2_04-1.1 openSUSE Tumbleweed:xen-tools-domU-4.17.2_04-1.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.17.2_04-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-34322.html CVE-2023-34322 https://bugzilla.suse.com/1215145 SUSE Bug 1215145