SB2022102579 - SUSE update for xen

Main Vulnerability Database SB2022102579

SB2022102579 - SUSE update for xen

Published: October 25, 2022

Security Bulletin ID SB2022102579

Severity

Low

Patch available

YES

Number of vulnerabilities 7

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Incorrect Resource Transfer Between Spheres (CVE-ID: CVE-2021-28689)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

2) Information disclosure (CVE-ID: CVE-2022-26365)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.

3) Information disclosure (CVE-ID: CVE-2022-33740)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.

4) Information disclosure (CVE-ID: CVE-2022-33741)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.

5) Information disclosure (CVE-ID: CVE-2022-33742)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.

6) Resource exhaustion (CVE-ID: CVE-2022-33746)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when freeing the P2M pool. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

7) Improper handling of exceptional conditions (CVE-ID: CVE-2022-33748)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. A local user can send specially crafted input and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/

Vulnerable Software

SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1