SB2022072655 - Fedora 35 update for xen




Published: July 26, 2022

Security Bulletin ID: SB2022072655
Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 25%, Low: 75%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2022-33745)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the code responsible for migration and for working around kernels unaware of L1TF in shadow mode, related to TLB flush. A remote user with access to an x86 PV guest can start the migration process to trigger the vulnerability and exhaust all available memory, resulting in a denial of service (DoS) attack.


2) Type Confusion (CVE-ID: CVE-2022-23816)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.


3) Type Confusion (CVE-ID: CVE-2022-23825)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.


4) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29900)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed RETbleed.


Remediation

Install the update from the vendor's website.