Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3213-1 Final 1 1 2021-09-23T14:24:12Z current 2021-09-23T14:24:12Z 2021-09-23T14:24:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Integrate bugfixes (bsc#1189373, bsc#1189378). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-3213,SUSE-2021-3213,SUSE-OpenStack-Cloud-8-2021-3213,SUSE-OpenStack-Cloud-Crowbar-8-2021-3213,SUSE-SLE-SAP-12-SP3-2021-3213,SUSE-SLE-SERVER-12-SP3-2021-3213,SUSE-SLE-SERVER-12-SP3-BCL-2021-3213 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213213-1/ Link for SUSE-SU-2021:3213-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009501.html E-Mail link for SUSE-SU-2021:3213-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1189373 SUSE Bug 1189373 https://bugzilla.suse.com/1189378 SUSE Bug 1189378 https://bugzilla.suse.com/1189632 SUSE Bug 1189632 https://www.suse.com/security/cve/CVE-2021-28701/ SUSE CVE CVE-2021-28701 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 xen-4.9.4_22-3.94.2 xen-doc-html-4.9.4_22-3.94.2 xen-libs-4.9.4_22-3.94.2 xen-libs-32bit-4.9.4_22-3.94.2 xen-tools-4.9.4_22-3.94.2 xen-tools-domU-4.9.4_22-3.94.2 xen-devel-4.9.4_22-3.94.2 xen-libs-64bit-4.9.4_22-3.94.2 xen-4.9.4_22-3.94.2 as a component of HPE Helion OpenStack 8 xen-doc-html-4.9.4_22-3.94.2 as a component of HPE Helion OpenStack 8 xen-libs-4.9.4_22-3.94.2 as a component of HPE Helion OpenStack 8 xen-libs-32bit-4.9.4_22-3.94.2 as a component of HPE Helion OpenStack 8 xen-tools-4.9.4_22-3.94.2 as a component of HPE Helion OpenStack 8 xen-tools-domU-4.9.4_22-3.94.2 as a component of HPE Helion OpenStack 8 xen-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL xen-doc-html-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL xen-libs-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL xen-libs-32bit-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL xen-tools-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL xen-tools-domU-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-BCL xen-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS xen-doc-html-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS xen-libs-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS xen-libs-32bit-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS xen-tools-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS xen-tools-domU-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS xen-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 xen-doc-html-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 xen-libs-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 xen-libs-32bit-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 xen-tools-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 xen-tools-domU-4.9.4_22-3.94.2 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 xen-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud 8 xen-doc-html-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud 8 xen-libs-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud 8 xen-libs-32bit-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud 8 xen-tools-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud 8 xen-tools-domU-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud 8 xen-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud Crowbar 8 xen-doc-html-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud Crowbar 8 xen-libs-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud Crowbar 8 xen-libs-32bit-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud Crowbar 8 xen-tools-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud Crowbar 8 xen-tools-domU-4.9.4_22-3.94.2 as a component of SUSE OpenStack Cloud Crowbar 8 Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. CVE-2021-28701 HPE Helion OpenStack 8:xen-4.9.4_22-3.94.2 HPE Helion OpenStack 8:xen-doc-html-4.9.4_22-3.94.2 HPE Helion OpenStack 8:xen-libs-32bit-4.9.4_22-3.94.2 HPE Helion OpenStack 8:xen-libs-4.9.4_22-3.94.2 HPE Helion OpenStack 8:xen-tools-4.9.4_22-3.94.2 HPE Helion OpenStack 8:xen-tools-domU-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-BCL:xen-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-BCL:xen-doc-html-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-32bit-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-BCL:xen-libs-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-BCL:xen-tools-domU-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-LTSS:xen-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-LTSS:xen-doc-html-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-32bit-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-LTSS:xen-libs-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-4.9.4_22-3.94.2 SUSE Linux Enterprise Server 12 SP3-LTSS:xen-tools-domU-4.9.4_22-3.94.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-4.9.4_22-3.94.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-doc-html-4.9.4_22-3.94.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-32bit-4.9.4_22-3.94.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-libs-4.9.4_22-3.94.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-4.9.4_22-3.94.2 SUSE Linux Enterprise Server for SAP Applications 12 SP3:xen-tools-domU-4.9.4_22-3.94.2 SUSE OpenStack Cloud 8:xen-4.9.4_22-3.94.2 SUSE OpenStack Cloud 8:xen-doc-html-4.9.4_22-3.94.2 SUSE OpenStack Cloud 8:xen-libs-32bit-4.9.4_22-3.94.2 SUSE OpenStack Cloud 8:xen-libs-4.9.4_22-3.94.2 SUSE OpenStack Cloud 8:xen-tools-4.9.4_22-3.94.2 SUSE OpenStack Cloud 8:xen-tools-domU-4.9.4_22-3.94.2 SUSE OpenStack Cloud Crowbar 8:xen-4.9.4_22-3.94.2 SUSE OpenStack Cloud Crowbar 8:xen-doc-html-4.9.4_22-3.94.2 SUSE OpenStack Cloud Crowbar 8:xen-libs-32bit-4.9.4_22-3.94.2 SUSE OpenStack Cloud Crowbar 8:xen-libs-4.9.4_22-3.94.2 SUSE OpenStack Cloud Crowbar 8:xen-tools-4.9.4_22-3.94.2 SUSE OpenStack Cloud Crowbar 8:xen-tools-domU-4.9.4_22-3.94.2 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213213-1/ https://www.suse.com/security/cve/CVE-2021-28701.html CVE-2021-28701 https://bugzilla.suse.com/1189632 SUSE Bug 1189632