Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2569-1 Final 1 1 2022-07-27T14:17:22Z current 2022-07-27T14:17:22Z 2022-07-27T14:17:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-2569,SUSE-SLE-SERVER-12-SP2-BCL-2022-2569 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ Link for SUSE-SU-2022:2569-1 https://lists.suse.com/pipermail/sle-security-updates/2022-July/011684.html E-Mail link for SUSE-SU-2022:2569-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1199965 SUSE Bug 1199965 https://bugzilla.suse.com/1199966 SUSE Bug 1199966 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1201394 SUSE Bug 1201394 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://www.suse.com/security/cve/CVE-2022-21123/ SUSE CVE CVE-2022-21123 page https://www.suse.com/security/cve/CVE-2022-21125/ SUSE CVE CVE-2022-21125 page https://www.suse.com/security/cve/CVE-2022-21166/ SUSE CVE CVE-2022-21166 page https://www.suse.com/security/cve/CVE-2022-23816/ SUSE CVE CVE-2022-23816 page https://www.suse.com/security/cve/CVE-2022-23825/ SUSE CVE CVE-2022-23825 page https://www.suse.com/security/cve/CVE-2022-26362/ SUSE CVE CVE-2022-26362 page https://www.suse.com/security/cve/CVE-2022-26363/ SUSE CVE CVE-2022-26363 page https://www.suse.com/security/cve/CVE-2022-26364/ SUSE CVE CVE-2022-26364 page https://www.suse.com/security/cve/CVE-2022-29900/ SUSE CVE CVE-2022-29900 page https://www.suse.com/security/cve/CVE-2022-33745/ SUSE CVE CVE-2022-33745 page SUSE Linux Enterprise Server 12 SP2-BCL xen-4.7.6_24-43.91.1 xen-devel-4.7.6_24-43.91.1 xen-doc-html-4.7.6_24-43.91.1 xen-libs-4.7.6_24-43.91.1 xen-libs-32bit-4.7.6_24-43.91.1 xen-libs-64bit-4.7.6_24-43.91.1 xen-tools-4.7.6_24-43.91.1 xen-tools-domU-4.7.6_24-43.91.1 xen-4.7.6_24-43.91.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL xen-doc-html-4.7.6_24-43.91.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL xen-libs-4.7.6_24-43.91.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL xen-libs-32bit-4.7.6_24-43.91.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL xen-tools-4.7.6_24-43.91.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL xen-tools-domU-4.7.6_24-43.91.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21123 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-21123.html CVE-2022-21123 https://bugzilla.suse.com/1199650 SUSE Bug 1199650 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1209075 SUSE Bug 1209075 Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-21125.html CVE-2022-21125 https://bugzilla.suse.com/1199650 SUSE Bug 1199650 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1209074 SUSE Bug 1209074 Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21166 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-21166.html CVE-2022-21166 https://bugzilla.suse.com/1199650 SUSE Bug 1199650 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1209073 SUSE Bug 1209073 DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE-2022-23816 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-23816.html CVE-2022-23816 https://bugzilla.suse.com/1201456 SUSE Bug 1201456 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. CVE-2022-23825 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-23825.html CVE-2022-23825 https://bugzilla.suse.com/1201457 SUSE Bug 1201457 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://bugzilla.suse.com/1205209 SUSE Bug 1205209 x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. CVE-2022-26362 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-26362.html CVE-2022-26362 https://bugzilla.suse.com/1199965 SUSE Bug 1199965 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. CVE-2022-26363 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-26363.html CVE-2022-26363 https://bugzilla.suse.com/1199966 SUSE Bug 1199966 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. CVE-2022-26364 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-26364.html CVE-2022-26364 https://bugzilla.suse.com/1199966 SUSE Bug 1199966 Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-29900 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-29900.html CVE-2022-29900 https://bugzilla.suse.com/1199657 SUSE Bug 1199657 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://bugzilla.suse.com/1207894 SUSE Bug 1207894 insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. CVE-2022-33745 SUSE Linux Enterprise Server 12 SP2-BCL:xen-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-doc-html-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-32bit-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-libs-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-4.7.6_24-43.91.1 SUSE Linux Enterprise Server 12 SP2-BCL:xen-tools-domU-4.7.6_24-43.91.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222569-1/ https://www.suse.com/security/cve/CVE-2022-33745.html CVE-2022-33745 https://bugzilla.suse.com/1201394 SUSE Bug 1201394