SUSE: 2019:2962-1 Important: Xen Security Update with Privilege Escalation

suse

November 12, 2019

An update that fixes 6 vulnerabilities is now available

Summary

This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described "Microarchitectural Data Sampling" attack. (bsc#1152497). - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18421: A malicious PV guest administrator may have been able to

Topics Covered

security advisory denial of service privilege escalation important xen SUSE Linux Enterprise

References

#1152497 #1154448 #1154456 #1154458 #1154461

#1155945

Cross- CVE-2018-12207 CVE-2019-11135 CVE-2019-18420

CVE-2019-18421 CVE-2019-18424 CVE-2019-18425

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2018-12207.html

https://www.suse.com/security/cve/CVE-2019-11135.html

https://www.suse.com/security/cve/CVE-2019-18420.html

https://www.suse.com/security/cve/CVE-2019-18421.html

https://www.suse.com/security/cve/CVE-2019-18424.html

https://www.suse.com/security/cve/CVE-2019-18425.html

https://bugzilla.suse.com/1152497

https://bugzilla.suse.com/1154448

https://bugzilla.suse.com/1154456

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2019:2962-1

Rating: important

Topics Covered

security advisory denial of service privilege escalation important xen SUSE Linux Enterprise

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:2962-1 Important: Xen Security Update with Privilege Escalation

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:2962-1 Important: Xen Security Update with Privilege Escalation

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!