Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE Linux 15-SP3: 2021:2923-1 Critical: xen Update Issues

suse
Calendar Grey September 2, 2021
Scroller Suse
Explore 11 essential concerns tackled in this important SUSE release for xen, including crucial bug resolutions and security vulnerability updates.
An update that solves 11 vulnerabilities and has 7 fixes is now available

Summary

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).

References

#1027519 #1176189 #1179246 #1183243 #1183877

#1185682 #1186428 #1186429 #1186433 #1186434

#1187406 #1188050 #1189373 #1189376 #1189378

#1189380 #1189381 #1189882

Cross- CVE-2021-0089 CVE-2021-28690 CVE-2021-28692

CVE-2021-28693 CVE-2021-28694 CVE-2021-28695

CVE-2021-28696 CVE-2021-28697 CVE-2021-28698

CVE-2021-28699 CVE-2021-28700

CVSS scores:

CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28695 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28696 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2923-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.