SUSE update for xen



Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-46835
CVE-2023-46836
CWE-ID CWE-264
CWE-254
Exploitation vector Network
Public exploit N/A
Vulnerable software
SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

Server Applications Module
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

xen-libs-64bit
Operating systems & Components / Operating system package or component

xen-libs-64bit-debuginfo
Operating systems & Components / Operating system package or component

xen-tools-xendomains-wait-disk
Operating systems & Components / Operating system package or component

xen-doc-html
Operating systems & Components / Operating system package or component

xen
Operating systems & Components / Operating system package or component

xen-tools
Operating systems & Components / Operating system package or component

xen-tools-debuginfo
Operating systems & Components / Operating system package or component

xen-libs-32bit
Operating systems & Components / Operating system package or component

xen-libs-32bit-debuginfo
Operating systems & Components / Operating system package or component

xen-tools-domU
Operating systems & Components / Operating system package or component

xen-devel
Operating systems & Components / Operating system package or component

xen-debugsource
Operating systems & Components / Operating system package or component

xen-tools-domU-debuginfo
Operating systems & Components / Operating system package or component

xen-libs
Operating systems & Components / Operating system package or component

xen-libs-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU83162

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46835

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote guest to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Server Applications Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

xen-libs-64bit: before 4.17.3_02-150500.3.18.1

xen-libs-64bit-debuginfo: before 4.17.3_02-150500.3.18.1

xen-tools-xendomains-wait-disk: before 4.17.3_02-150500.3.18.1

xen-doc-html: before 4.17.3_02-150500.3.18.1

xen: before 4.17.3_02-150500.3.18.1

xen-tools: before 4.17.3_02-150500.3.18.1

xen-tools-debuginfo: before 4.17.3_02-150500.3.18.1

xen-libs-32bit: before 4.17.3_02-150500.3.18.1

xen-libs-32bit-debuginfo: before 4.17.3_02-150500.3.18.1

xen-tools-domU: before 4.17.3_02-150500.3.18.1

xen-devel: before 4.17.3_02-150500.3.18.1

xen-debugsource: before 4.17.3_02-150500.3.18.1

xen-tools-domU-debuginfo: before 4.17.3_02-150500.3.18.1

xen-libs: before 4.17.3_02-150500.3.18.1

xen-libs-debuginfo: before 4.17.3_02-150500.3.18.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20234945-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security features bypass

EUVDB-ID: #VU83163

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46836

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote guest to bypass implemented security restrictions.

The vulnerability exists due to improper implementation of mitigations against BTC/SRSO. A malicious guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen, which can result in memory access to other guests.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

Server Applications Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

xen-libs-64bit: before 4.17.3_02-150500.3.18.1

xen-libs-64bit-debuginfo: before 4.17.3_02-150500.3.18.1

xen-tools-xendomains-wait-disk: before 4.17.3_02-150500.3.18.1

xen-doc-html: before 4.17.3_02-150500.3.18.1

xen: before 4.17.3_02-150500.3.18.1

xen-tools: before 4.17.3_02-150500.3.18.1

xen-tools-debuginfo: before 4.17.3_02-150500.3.18.1

xen-libs-32bit: before 4.17.3_02-150500.3.18.1

xen-libs-32bit-debuginfo: before 4.17.3_02-150500.3.18.1

xen-tools-domU: before 4.17.3_02-150500.3.18.1

xen-devel: before 4.17.3_02-150500.3.18.1

xen-debugsource: before 4.17.3_02-150500.3.18.1

xen-tools-domU-debuginfo: before 4.17.3_02-150500.3.18.1

xen-libs: before 4.17.3_02-150500.3.18.1

xen-libs-debuginfo: before 4.17.3_02-150500.3.18.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20234945-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###