Vulnerability from csaf_suse
Published
2020-09-29 12:13
Modified
2020-09-29 12:13
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2020-25602: Fixed an issue where there was a crash when
handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)
- CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path
(bsc#1176341,XSA-334)
- CVE-2020-25604: Fixed a race condition when migrating timers between x86
HVM vCPU-s (bsc#1176343,XSA-336)
- CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)
- CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)
- CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)
- CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)
- CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)
- CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)
- CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)
- Various bug fixes (bsc#1027519)
Patchnames
SUSE-2020-2790,SUSE-SLE-Module-Basesystem-15-SP1-2020-2790,SUSE-SLE-Module-Server-Applications-15-SP1-2020-2790
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for xen", title: "Title of the patch", }, { category: "description", text: "This update for xen fixes the following issues:\n\n- CVE-2020-25602: Fixed an issue where there was a crash when\n handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333)\n- CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path\n (bsc#1176341,XSA-334)\n- CVE-2020-25604: Fixed a race condition when migrating timers between x86 \n HVM vCPU-s (bsc#1176343,XSA-336)\n- CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)\n- CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338)\n- CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)\n- CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)\n- CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)\n- CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)\n- CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)\t \n\n- Various bug fixes (bsc#1027519)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-2790,SUSE-SLE-Module-Basesystem-15-SP1-2020-2790,SUSE-SLE-Module-Server-Applications-15-SP1-2020-2790", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2790-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:2790-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20202790-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:2790-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007503.html", }, { category: "self", summary: "SUSE Bug 1027519", url: "https://bugzilla.suse.com/1027519", }, { category: "self", summary: "SUSE Bug 1176339", url: "https://bugzilla.suse.com/1176339", }, { category: "self", summary: "SUSE Bug 1176341", url: "https://bugzilla.suse.com/1176341", }, { category: "self", summary: "SUSE Bug 1176343", url: "https://bugzilla.suse.com/1176343", }, { category: "self", summary: "SUSE Bug 1176344", url: "https://bugzilla.suse.com/1176344", }, { category: "self", summary: "SUSE Bug 1176345", url: "https://bugzilla.suse.com/1176345", }, { category: "self", summary: "SUSE Bug 1176346", url: "https://bugzilla.suse.com/1176346", }, { category: "self", summary: "SUSE Bug 1176347", url: "https://bugzilla.suse.com/1176347", }, { category: "self", summary: "SUSE Bug 1176348", url: "https://bugzilla.suse.com/1176348", }, { category: "self", summary: "SUSE Bug 1176349", url: "https://bugzilla.suse.com/1176349", }, { category: "self", summary: "SUSE Bug 1176350", url: "https://bugzilla.suse.com/1176350", }, { category: "self", summary: "SUSE CVE CVE-2020-25595 page", url: "https://www.suse.com/security/cve/CVE-2020-25595/", }, { category: "self", summary: "SUSE CVE CVE-2020-25596 page", url: "https://www.suse.com/security/cve/CVE-2020-25596/", }, { category: "self", summary: "SUSE CVE CVE-2020-25597 page", url: "https://www.suse.com/security/cve/CVE-2020-25597/", }, { category: "self", summary: "SUSE CVE CVE-2020-25598 page", url: "https://www.suse.com/security/cve/CVE-2020-25598/", }, { category: "self", summary: "SUSE CVE CVE-2020-25599 page", url: "https://www.suse.com/security/cve/CVE-2020-25599/", }, { category: "self", summary: "SUSE CVE CVE-2020-25600 page", url: "https://www.suse.com/security/cve/CVE-2020-25600/", }, { category: "self", summary: "SUSE CVE CVE-2020-25601 page", url: "https://www.suse.com/security/cve/CVE-2020-25601/", }, { category: "self", summary: "SUSE CVE CVE-2020-25602 page", url: "https://www.suse.com/security/cve/CVE-2020-25602/", }, { category: "self", summary: "SUSE CVE CVE-2020-25603 page", url: "https://www.suse.com/security/cve/CVE-2020-25603/", }, { category: "self", summary: "SUSE CVE CVE-2020-25604 page", url: "https://www.suse.com/security/cve/CVE-2020-25604/", }, ], title: "Security update for xen", tracking: { current_release_date: "2020-09-29T12:13:34Z", generator: { date: "2020-09-29T12:13:34Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:2790-1", initial_release_date: "2020-09-29T12:13:34Z", revision_history: [ { date: "2020-09-29T12:13:34Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "xen-4.12.3_08-3.28.1.aarch64", product: { name: "xen-4.12.3_08-3.28.1.aarch64", product_id: "xen-4.12.3_08-3.28.1.aarch64", }, }, { category: "product_version", name: "xen-devel-4.12.3_08-3.28.1.aarch64", product: { name: "xen-devel-4.12.3_08-3.28.1.aarch64", product_id: "xen-devel-4.12.3_08-3.28.1.aarch64", }, }, { category: "product_version", name: "xen-doc-html-4.12.3_08-3.28.1.aarch64", product: { name: "xen-doc-html-4.12.3_08-3.28.1.aarch64", product_id: "xen-doc-html-4.12.3_08-3.28.1.aarch64", }, }, { category: "product_version", name: "xen-libs-4.12.3_08-3.28.1.aarch64", product: { name: "xen-libs-4.12.3_08-3.28.1.aarch64", product_id: "xen-libs-4.12.3_08-3.28.1.aarch64", }, }, { category: "product_version", name: "xen-tools-4.12.3_08-3.28.1.aarch64", product: { name: "xen-tools-4.12.3_08-3.28.1.aarch64", product_id: "xen-tools-4.12.3_08-3.28.1.aarch64", }, }, { category: "product_version", name: "xen-tools-domU-4.12.3_08-3.28.1.aarch64", product: { name: "xen-tools-domU-4.12.3_08-3.28.1.aarch64", product_id: "xen-tools-domU-4.12.3_08-3.28.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "xen-libs-64bit-4.12.3_08-3.28.1.aarch64_ilp32", product: { name: "xen-libs-64bit-4.12.3_08-3.28.1.aarch64_ilp32", product_id: "xen-libs-64bit-4.12.3_08-3.28.1.aarch64_ilp32", }, }, ], category: "architecture", name: "aarch64_ilp32", }, { branches: [ { category: "product_version", name: "xen-devel-4.12.3_08-3.28.1.i586", product: { name: "xen-devel-4.12.3_08-3.28.1.i586", product_id: "xen-devel-4.12.3_08-3.28.1.i586", }, }, { category: "product_version", name: "xen-libs-4.12.3_08-3.28.1.i586", product: { name: "xen-libs-4.12.3_08-3.28.1.i586", product_id: "xen-libs-4.12.3_08-3.28.1.i586", }, }, { category: "product_version", name: "xen-tools-domU-4.12.3_08-3.28.1.i586", product: { name: "xen-tools-domU-4.12.3_08-3.28.1.i586", product_id: "xen-tools-domU-4.12.3_08-3.28.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "xen-4.12.3_08-3.28.1.x86_64", product: { name: "xen-4.12.3_08-3.28.1.x86_64", product_id: "xen-4.12.3_08-3.28.1.x86_64", }, }, { category: "product_version", name: "xen-devel-4.12.3_08-3.28.1.x86_64", product: { name: "xen-devel-4.12.3_08-3.28.1.x86_64", product_id: "xen-devel-4.12.3_08-3.28.1.x86_64", }, }, { category: "product_version", name: "xen-doc-html-4.12.3_08-3.28.1.x86_64", product: { name: "xen-doc-html-4.12.3_08-3.28.1.x86_64", product_id: "xen-doc-html-4.12.3_08-3.28.1.x86_64", }, }, { category: "product_version", name: "xen-libs-4.12.3_08-3.28.1.x86_64", product: { name: "xen-libs-4.12.3_08-3.28.1.x86_64", product_id: "xen-libs-4.12.3_08-3.28.1.x86_64", }, }, { category: "product_version", name: "xen-libs-32bit-4.12.3_08-3.28.1.x86_64", product: { name: "xen-libs-32bit-4.12.3_08-3.28.1.x86_64", product_id: "xen-libs-32bit-4.12.3_08-3.28.1.x86_64", }, }, { category: "product_version", name: "xen-tools-4.12.3_08-3.28.1.x86_64", product: { name: "xen-tools-4.12.3_08-3.28.1.x86_64", product_id: "xen-tools-4.12.3_08-3.28.1.x86_64", }, }, { category: "product_version", name: "xen-tools-domU-4.12.3_08-3.28.1.x86_64", product: { name: "xen-tools-domU-4.12.3_08-3.28.1.x86_64", product_id: "xen-tools-domU-4.12.3_08-3.28.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Server Applications 15 SP1", product: { name: "SUSE Linux Enterprise Module for Server Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-server-applications:15:sp1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "xen-libs-4.12.3_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", }, product_reference: "xen-libs-4.12.3_08-3.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "xen-tools-domU-4.12.3_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", }, product_reference: "xen-tools-domU-4.12.3_08-3.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP1", }, { category: "default_component_of", full_product_name: { name: "xen-4.12.3_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", }, product_reference: "xen-4.12.3_08-3.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "xen-devel-4.12.3_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", }, product_reference: "xen-devel-4.12.3_08-3.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "xen-tools-4.12.3_08-3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1", product_id: "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", }, product_reference: "xen-tools-4.12.3_08-3.28.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Server Applications 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-25595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25595", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec \"backdoor\" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec (\"backdoor\") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25595", url: "https://www.suse.com/security/cve/CVE-2020-25595", }, { category: "external", summary: "SUSE Bug 1176344 for CVE-2020-25595", url: "https://bugzilla.suse.com/1176344", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2020-25595", url: "https://bugzilla.suse.com/1178658", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "important", }, ], title: "CVE-2020-25595", }, { cve: "CVE-2020-25596", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25596", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25596", url: "https://www.suse.com/security/cve/CVE-2020-25596", }, { category: "external", summary: "SUSE Bug 1176345 for CVE-2020-25596", url: "https://bugzilla.suse.com/1176345", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2020-25596", url: "https://bugzilla.suse.com/1178658", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "moderate", }, ], title: "CVE-2020-25596", }, { cve: "CVE-2020-25597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25597", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25597", url: "https://www.suse.com/security/cve/CVE-2020-25597", }, { category: "external", summary: "SUSE Bug 1176346 for CVE-2020-25597", url: "https://bugzilla.suse.com/1176346", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "moderate", }, ], title: "CVE-2020-25597", }, { cve: "CVE-2020-25598", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25598", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25598", url: "https://www.suse.com/security/cve/CVE-2020-25598", }, { category: "external", summary: "SUSE Bug 1176341 for CVE-2020-25598", url: "https://bugzilla.suse.com/1176341", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "moderate", }, ], title: "CVE-2020-25598", }, { cve: "CVE-2020-25599", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25599", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25599", url: "https://www.suse.com/security/cve/CVE-2020-25599", }, { category: "external", summary: "SUSE Bug 1176349 for CVE-2020-25599", url: "https://bugzilla.suse.com/1176349", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "important", }, ], title: "CVE-2020-25599", }, { cve: "CVE-2020-25600", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25600", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25600", url: "https://www.suse.com/security/cve/CVE-2020-25600", }, { category: "external", summary: "SUSE Bug 1176348 for CVE-2020-25600", url: "https://bugzilla.suse.com/1176348", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "important", }, ], title: "CVE-2020-25600", }, { cve: "CVE-2020-25601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25601", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25601", url: "https://www.suse.com/security/cve/CVE-2020-25601", }, { category: "external", summary: "SUSE Bug 1176350 for CVE-2020-25601", url: "https://bugzilla.suse.com/1176350", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "moderate", }, ], title: "CVE-2020-25601", }, { cve: "CVE-2020-25602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25602", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25602", url: "https://www.suse.com/security/cve/CVE-2020-25602", }, { category: "external", summary: "SUSE Bug 1176339 for CVE-2020-25602", url: "https://bugzilla.suse.com/1176339", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "moderate", }, ], title: "CVE-2020-25602", }, { cve: "CVE-2020-25603", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25603", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25603", url: "https://www.suse.com/security/cve/CVE-2020-25603", }, { category: "external", summary: "SUSE Bug 1176347 for CVE-2020-25603", url: "https://bugzilla.suse.com/1176347", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2020-25603", url: "https://bugzilla.suse.com/1178658", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "important", }, ], title: "CVE-2020-25603", }, { cve: "CVE-2020-25604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25604", }, ], notes: [ { category: "general", text: "An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25604", url: "https://www.suse.com/security/cve/CVE-2020-25604", }, { category: "external", summary: "SUSE Bug 1176343 for CVE-2020-25604", url: "https://bugzilla.suse.com/1176343", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2020-25604", url: "https://bugzilla.suse.com/1178658", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.3_08-3.28.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.3_08-3.28.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-09-29T12:13:34Z", details: "moderate", }, ], title: "CVE-2020-25604", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.