SUSE update for xen

1) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88374

Risk: Medium

CVSSv4.0: 7.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2024-2201

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Server for SAP Applications 15: SP3

SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3

SUSE Linux Enterprise Server 15: SP3

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3

SUSE Linux Enterprise High Performance Computing 15: SP3

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Micro: 5.1 - 5.2

openSUSE Leap: 15.3

xen-libs-64bit-debuginfo: before 4.14.6_16-150300.3.75.1

xen-libs-64bit: before 4.14.6_16-150300.3.75.1

xen-tools-xendomains-wait-disk: before 4.14.6_16-150300.3.75.1

xen-tools: before 4.14.6_16-150300.3.75.1

xen-doc-html: before 4.14.6_16-150300.3.75.1

xen: before 4.14.6_16-150300.3.75.1

xen-tools-debuginfo: before 4.14.6_16-150300.3.75.1

xen-libs-32bit-debuginfo: before 4.14.6_16-150300.3.75.1

xen-libs-32bit: before 4.14.6_16-150300.3.75.1

xen-debugsource: before 4.14.6_16-150300.3.75.1

xen-libs-debuginfo: before 4.14.6_16-150300.3.75.1

xen-tools-domU-debuginfo: before 4.14.6_16-150300.3.75.1

xen-libs: before 4.14.6_16-150300.3.75.1

xen-devel: before 4.14.6_16-150300.3.75.1

xen-tools-domU: before 4.14.6_16-150300.3.75.1

CPE2.3

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3_ltss:15-SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:xen-libs-64bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-libs-64bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-tools-xendomains-wait-disk:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-libs-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20242533-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.