xen-4.18.0_06-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13648 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xen-4.18.0_06-1.1 on GA media These are all security issues fixed in the xen-4.18.0_06-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13648 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13648 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-46839/ SUSE CVE CVE-2023-46839 page https://www.suse.com/security/cve/CVE-2023-46840/ SUSE CVE CVE-2023-46840 page openSUSE Tumbleweed xen-4.18.0_06-1.1 xen-devel-4.18.0_06-1.1 xen-doc-html-4.18.0_06-1.1 xen-libs-4.18.0_06-1.1 xen-tools-4.18.0_06-1.1 xen-tools-domU-4.18.0_06-1.1 xen-tools-xendomains-wait-disk-4.18.0_06-1.1 xen-4.18.0_06-1.1 as a component of openSUSE Tumbleweed xen-devel-4.18.0_06-1.1 as a component of openSUSE Tumbleweed xen-doc-html-4.18.0_06-1.1 as a component of openSUSE Tumbleweed xen-libs-4.18.0_06-1.1 as a component of openSUSE Tumbleweed xen-tools-4.18.0_06-1.1 as a component of openSUSE Tumbleweed xen-tools-domU-4.18.0_06-1.1 as a component of openSUSE Tumbleweed xen-tools-xendomains-wait-disk-4.18.0_06-1.1 as a component of openSUSE Tumbleweed PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain. CVE-2023-46839 openSUSE Tumbleweed:xen-4.18.0_06-1.1 openSUSE Tumbleweed:xen-devel-4.18.0_06-1.1 openSUSE Tumbleweed:xen-doc-html-4.18.0_06-1.1 openSUSE Tumbleweed:xen-libs-4.18.0_06-1.1 openSUSE Tumbleweed:xen-tools-4.18.0_06-1.1 openSUSE Tumbleweed:xen-tools-domU-4.18.0_06-1.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.0_06-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-46839.html CVE-2023-46839 https://bugzilla.suse.com/1218851 SUSE Bug 1218851 Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. CVE-2023-46840 openSUSE Tumbleweed:xen-4.18.0_06-1.1 openSUSE Tumbleweed:xen-devel-4.18.0_06-1.1 openSUSE Tumbleweed:xen-doc-html-4.18.0_06-1.1 openSUSE Tumbleweed:xen-libs-4.18.0_06-1.1 openSUSE Tumbleweed:xen-tools-4.18.0_06-1.1 openSUSE Tumbleweed:xen-tools-domU-4.18.0_06-1.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.0_06-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-46840.html CVE-2023-46840 https://bugzilla.suse.com/1219080 SUSE Bug 1219080