CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...
Fedora 40 : xen (2024-a46df5ba2f)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a46df5ba2f advisory. x86: Native Branch History Injection (XSA-456, CVE-2024-2201); update to xen 4.18.2, remove patches now included upstream; x86 HVM hypercalls may trigge...
SUSE-SU-2024:1259-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302) - CVE-2024-2201: Fixed memory...
openSUSE: Security Advisory for xen (SUSE-SU-2023:4476-1)
The remote host is missing an update for the...
CVE-2023-46836 x86: BTC/SRSO fixes not fully effective
The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry...
SUSE-SU-2023:4945-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective (bsc#1216807). - CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD (bsc#1216654). Update to Xen 4.17.3 bug fix release (bsc#1027519)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:4945-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4945-1 advisory. - x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445, CVE-2023-46835); x86: BTC/SRSO...
Fedora 37 : xen (2023-e62da41072)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e62da41072 advisory. x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445, CVE-2023-46835); x86: BTC/SRSO fixes not fully effective (XSA-446, CVE-2023-46836)...
Xen: x86: BTC/SRSO Fixes Not Fully Effective (XSA-446)
The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe, as it was believed that the mitigations were always operated in contexts with IRQs disabled. However, due to an unanticipated interaction with XSA-254 (Meltdown), a race condition exists whereb...
Fedora 38 : xen (2023-56901a79a1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-56901a79a1 advisory. x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445, CVE-2023-46835); x86: BTC/SRSO fixes not fully effective (XSA-446, CVE-2023-46836)...
SUSE-SU-2023:4486-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807)...
SUSE-SU-2023:4484-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807)...
SUSE-SU-2023:4476-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in...
SUSE-SU-2023:4466-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807)...
x86: BTC/SRSO fixes not fully effective
ISSUE DESCRIPTION: The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabl...