SB2022072933 - SUSE update for xen 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022072933

SB2022072933 - SUSE update for xen

Published: July 29, 2022

Security Bulletin ID SB2022072933
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 30% Medium 10% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-21123)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.



2) Information disclosure (CVE-ID: CVE-2022-21125)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.




3) Information disclosure (CVE-ID: CVE-2022-21166)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.


4) Type Confusion (CVE-ID: CVE-2022-23816)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.


5) Type Confusion (CVE-ID: CVE-2022-23825)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.


6) Race condition (CVE-ID: CVE-2022-26362)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to race condition in typeref acquisition Xen. A remote attacker can execute arbitrary code on the target system.


7) Buffer overflow (CVE-ID: CVE-2022-26363)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient care with non-coherent mappings. A remote attacker can pass a specially crafted data and trigger memory corruption and execute arbitrary code on the target system.


8) Buffer overflow (CVE-ID: CVE-2022-26364)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient care with non-coherent mappings. A remote attacker can pass a specially crafted data and trigger memory corruption and execute arbitrary code on the target system.


9) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29900)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed  RETbleed.


10) Resource exhaustion (CVE-ID: CVE-2022-33745)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in code responsible for migration and work around of kernels unaware of L1TF in shadow mode, related to TLB flush. A remote user with access to x86 PV guest can start the migration process to trigger the vulnerability and exhaust all available memory, resulting in a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References