Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2534-1 Final 1 1 2024-07-16T12:12:43Z current 2024-07-16T12:12:43Z 2024-07-16T12:12:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-EC2-BYOS-2024-2534,Image SLES12-SP5-EC2-ECS-On-Demand-2024-2534,Image SLES12-SP5-EC2-On-Demand-2024-2534,Image SLES12-SP5-EC2-SAP-BYOS-2024-2534,Image SLES12-SP5-EC2-SAP-On-Demand-2024-2534,SUSE-2024-2534,SUSE-SLE-SDK-12-SP5-2024-2534,SUSE-SLE-SERVER-12-SP5-2024-2534 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242534-1/ Link for SUSE-SU-2024:2534-1 https://lists.suse.com/pipermail/sle-security-updates/2024-July/018987.html E-Mail link for SUSE-SU-2024:2534-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027519 SUSE Bug 1027519 https://bugzilla.suse.com/1222453 SUSE Bug 1222453 https://bugzilla.suse.com/1227355 SUSE Bug 1227355 https://www.suse.com/security/cve/CVE-2024-2201/ SUSE CVE CVE-2024-2201 page https://www.suse.com/security/cve/CVE-2024-31143/ SUSE CVE CVE-2024-31143 page Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 xen-libs-4.12.4_50-3.112.1 xen-tools-domU-4.12.4_50-3.112.1 xen-4.12.4_50-3.112.1 xen-devel-4.12.4_50-3.112.1 xen-doc-html-4.12.4_50-3.112.1 xen-libs-32bit-4.12.4_50-3.112.1 xen-libs-64bit-4.12.4_50-3.112.1 xen-tools-4.12.4_50-3.112.1 xen-libs-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-BYOS xen-tools-domU-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-BYOS xen-libs-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand xen-tools-domU-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand xen-libs-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-On-Demand xen-tools-domU-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-On-Demand xen-libs-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS xen-tools-domU-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS xen-libs-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand xen-tools-domU-4.12.4_50-3.112.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand xen-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-doc-html-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-libs-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-libs-32bit-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-tools-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-tools-domU-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-doc-html-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-libs-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-libs-32bit-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-tools-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-tools-domU-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-devel-4.12.4_50-3.112.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. CVE-2024-2201 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_50-3.112.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_50-3.112.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242534-1/ https://www.suse.com/security/cve/CVE-2024-2201.html CVE-2024-2201 https://bugzilla.suse.com/1212111 SUSE Bug 1212111 https://bugzilla.suse.com/1217339 SUSE Bug 1217339 An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held. CVE-2024-31143 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_50-3.112.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_50-3.112.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_50-3.112.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_50-3.112.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_50-3.112.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242534-1/ https://www.suse.com/security/cve/CVE-2024-31143.html CVE-2024-31143 https://bugzilla.suse.com/1227355 SUSE Bug 1227355