SUSE-SU-2024:0830-1 Security update for xen

This update for xen fixes the following issues: - CVE-2023-46839: Fixed memory access through PCI device with phantom functions XSA-449 bsc1218851. - CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds XSA-450 bsc1219080. - CVE-2023-46841: Fixed shadow stack vs exceptions from...

VT-d: Failure to quarantine devices in !HVM builds

ISSUE DESCRIPTION Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. IMPACT When a device is removed from a domain, it is not properly quarantined and retains its access to the domain...

UBUNTU-CVE-2023-46835

The current setup of the quarantine page tables assumes that the quarantine domain domio has been initialized with an address width of DEFAULTDOMAINADDRESSWIDTH 48 and hence 4 page table levels. However domio being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum hot...

SUSE-SU-2020:14444-1 Security update for xen

This update for xen fixes the following issues: - bsc1174543 - secure boot related fixes - bsc1163019 - CVE-2020-8608: potential OOB access due to unsafe snprintf usages - bsc1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOPcopy - bsc1168140 - CVE-2020-11740, CVE-2020-11741: multipl...

MGASA-2020-0113 Updated xen packages fix security vulnerability

Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods XSA-306 - x86: Machine Check Error on Page Size Change DoS XSA-304, CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305, CVE-2019-11135 - VCPUOPinitialise DoS XSA-296, CVE-2019-18420...

Updated xen packages fix security vulnerability

- Updated from 4.12.0 to 4.12.1 - Device quarantine for alternate pci assignment methods XSA-306 - x86: Machine Check Error on Page Size Change DoS XSA-304, CVE-2018-12207 - TSX Asynchronous Abort speculative side channel XSA-305, CVE-2019-11135 - VCPUOPinitialise DoS XSA-296, CVE-2019-18420...

SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)

This update for xen fixes the following issues : CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host bsc1161181. CVE-2019-19579: Device quarantine for alternate pci assignment methods bsc1157888. CVE-2019-19581: findnextbit issues bsc1158003...

Device quarantine for alternate pci assignment methods

ISSUE DESCRIPTION XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of...