Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

SUSE: 2021:1023-1 Critical: Xen IRQ Leak and Soft-Reset Issues

suse
Calendar Grey April 6, 2021
Scroller Suse
Important SUSE Security patch for xen addresses multiple vulnerabilities along with resolutions, installation instructions, and severity details.
An update that solves four vulnerabilities and has 6 fixes is now available

Summary

This update for xen fixes the following issues: - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: VUL-0: xen: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - CVE-2021-20257: VUL-0: xen: infinite loop issue in the e1000 NIC emulator (bsc#1182846) - CVE-2020-28368: VUL-0: xen: Intel RAPL sidechannel attack aka PLATYPUS attack aka (bsc#1178591, XSA-351) - L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut (bsc#1177204) - Kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - OpenQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989) - Allow restart of xenwatchdogd, enable tuning of keep-alive interval and timeout options via XENWATCHDOGD_ARGS= (bsc#1178736)

References

#1027519 #1177112 #1177204 #1178591 #1178736

#1179148 #1181254 #1181989 #1182846 #1183072

Cross- CVE-2020-28368 CVE-2021-20257 CVE-2021-28687

CVE-2021-3308

CVSS scores:

CVE-2020-28368 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2020-28368 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVE-2021-3308 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-3308 (SUSE): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2020-28368.html

https://www.suse.com/security/cve/CVE-2021-20257.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:1023-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.