Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

SUSE: 2021:2924-1 Important: x86 IOMMU Timeout and Security Fixes

suse
Calendar Grey September 2, 2021
Scroller Suse
Addressed 15 concerns, such as x86 IOMMU timeout identification and multiple vulnerabilities in Xen.
An update that solves 15 vulnerabilities and has 6 fixes is now available

Summary

This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).

References

#1027519 #1179246 #1180491 #1180846 #1182654

#1183243 #1185682 #1186428 #1186429 #1186433

#1186434 #1187369 #1187376 #1187378 #1188050

#1189373 #1189376 #1189378 #1189380 #1189381

#1189882

Cross- CVE-2021-0089 CVE-2021-20255 CVE-2021-28690

CVE-2021-28692 CVE-2021-28693 CVE-2021-28694

CVE-2021-28695 CVE-2021-28696 CVE-2021-28697

CVE-2021-28698 CVE-2021-28699 CVE-2021-28700

CVE-2021-3592 CVE-2021-3594 CVE-2021-3595

CVSS scores:

CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVE-2021-28694 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2924-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.