Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

SUSE 5.0: SUSE-SU-2021:2922-1 Important: Xen Security Threat Fixes

suse
Calendar Grey September 2, 2021
Scroller Suse
The recent update from SUSE enhances Xen security by tackling critical vulnerabilities, delivering essential patches and upgrades for improved safeguarding.
An update that solves 11 vulnerabilities and has 9 fixes is now available

Summary

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).

References

#1027519 #1137251 #1176189 #1179148 #1179246

#1180491 #1181989 #1183877 #1185682 #1186428

#1186429 #1186433 #1186434 #1188050 #1189373

#1189376 #1189378 #1189380 #1189381 #1189882

Cross- CVE-2021-0089 CVE-2021-28690 CVE-2021-28692

CVE-2021-28693 CVE-2021-28694 CVE-2021-28695

CVE-2021-28696 CVE-2021-28697 CVE-2021-28698

CVE-2021-28699 CVE-2021-28700

CVSS scores:

CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2922-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.