Alerts This Week
Warning Icon 1 1,515
Alerts This Week
Warning Icon 1 1,515

SUSE: 2020:2822-1 Critical: Fix for Xen Denial of Service Vulnerability

suse
Calendar Grey October 1, 2020
Dist Suse Esm H88
SUSE Security Update: Security update for xen ______________________________________________________
An update that fixes 12 vulnerabilities is now available

Summary

This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)

References

#1172205 #1173378 #1173380 #1175534 #1176343

#1176344 #1176345 #1176346 #1176347 #1176348

#1176349 #1176350

Cross- CVE-2020-0543 CVE-2020-14364 CVE-2020-15565

CVE-2020-15567 CVE-2020-25595 CVE-2020-25596

CVE-2020-25597 CVE-2020-25599 CVE-2020-25600

CVE-2020-25601 CVE-2020-25603 CVE-2020-25604

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2020-0543.html

https://www.suse.com/security/cve/CVE-2020-14364.html

https://www.suse.com/security/cve/CVE-2020-15565.html

https://www.suse.com/security/cve/CVE-2020-15567.html

https://www.suse.com/security/cve/CVE-2020-25595.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:2822-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here