Main Vulnerability Database SB2024092539

SB2024092539 - SUSE update for xen

Published: September 25, 2024

Security Bulletin ID SB2024092539

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Deadlock (CVE-ID: CVE-2024-45817)

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to a deadlock within the vlapic_error() function. A buggy or malicious HVM or PVH guest can deadlock Xen and perform a denial of service attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20243432-1/

Vulnerable Software

SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
xen-tools: before 4.12.4_54-3.118.1
xen-libs-32bit: before 4.12.4_54-3.118.1
xen-libs-debuginfo-32bit: before 4.12.4_54-3.118.1
xen-doc-html: before 4.12.4_54-3.118.1
xen-tools-debuginfo: before 4.12.4_54-3.118.1
xen: before 4.12.4_54-3.118.1
xen-tools-domU-debuginfo: before 4.12.4_54-3.118.1
xen-libs-debuginfo: before 4.12.4_54-3.118.1
xen-tools-domU: before 4.12.4_54-3.118.1
xen-libs: before 4.12.4_54-3.118.1
xen-devel: before 4.12.4_54-3.118.1
xen-debugsource: before 4.12.4_54-3.118.1