
SUSE Linux Enterprise 15 SP5: 2023:4475-1 Important Xen Execution Fixes

November 17, 2023
Important SUSE upgrade for xen addresses various problems including AMD processor transient execution vulnerabilities and additional concerns.

Summary

This update for xen fixes the following issues:

* CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).

* CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).

* CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).

* CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).

* CVE-2023-34327, CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).

* CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).

* CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).

* Upstream bug fixes (bsc#1027519)

References

* bsc#1027519

* bsc#1215145

* bsc#1215474

* bsc#1215746

* bsc#1215747

* bsc#1215748

* bsc#1216654

* bsc#1216807

Cross-

* CVE-2023-20588

* CVE-2023-34322

* CVE-2023-34325

* CVE-2023-34326

* CVE-2023-34327

* CVE-2023-34328

* CVE-2023-46835

* CVE-2023-46836

CVSS scores:

* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-34322 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

* CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: important

Announcement ID: SUSE-SU-2023:4475-1
Rating: important
