Lucene search

K
suseSuseSUSE-SU-2022:3665-1
HistoryOct 20, 2022 - 12:00 a.m.

Security update for xen (important)

2022-10-2000:00:00
lists.opensuse.org
14
xen
security update
vulnerabilities
errata
dos
race
linux block
network pv device
memory regions
tlb flush
speculative vulnerabilities
bugfixes
suse
opensuse leap
suse linux enterprise
microos

EPSS

0.001

Percentile

27.5%

An update that solves 8 vulnerabilities and has one errata
is now available.

Description:

This update for xen fixes the following issues:

 - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing
   (bsc#1203806).
 - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
 - CVE-2022-26365: Fixed issue where Linux Block and Network PV device
   frontends don't zero memory regions before sharing them with the
   backend (bsc#1200762).
 - CVE-2022-33740: Fixed issue where Linux Block and Network PV device
   frontends don't zero memory regions before sharing them with the
   backend (bsc#1200762).
 - CVE-2022-33741: Fixed issue where data residing in the same 4K page as
   data shared with a backend was being accessible by such backend
   (bsc#1200762).
 - CVE-2022-33742: Fixed issue where data residing in the same 4K page as
   data shared with a backend was being accessible by such backend
   (bsc#1200762).
 - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in
   shadow mode (bsc#1201394).
 - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim)
   32-bit PV guests (bsc#1185104).

 Bugfixes:

 - Fixed logic error in built-in default of max_event_channels
   (bsc#1167608, bsc#1201631).
 - Fixed issue where dom0 fails to boot with constrained vcpus and nodes
   (bsc#1197081).
 - Included upstream bugfixes (bsc#1027519).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap Micro 5.2:

    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3665=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3665=1

  • SUSE Linux Enterprise Module for Server Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3665=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3665=1

  • SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3665=1

  • SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3665=1