
SUSE Linux: 2023:4476-1 Important Security Advisory for Xen Threat

November 17, 2023
Critical advisory for Xen addressing various flaws and security concerns on SUSE systems. Prompt measures suggested.

Summary

This update for xen fixes the following issues:

* CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
* CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
* CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
* CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
* CVE-2023-34327, CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
* CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
* CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
* Upstream bug fixes (bsc#1027519)

References

* bsc#1027519

* bsc#1215145

* bsc#1215474

* bsc#1215746

* bsc#1215747

* bsc#1215748

* bsc#1216654

* bsc#1216807

Cross-References

* CVE-2023-20588

* CVE-2023-34322

* CVE-2023-34325

* CVE-2023-34326

* CVE-2023-34327

* CVE-2023-34328

* CVE-2023-46835

* CVE-2023-46836

CVSS scores:

* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-34322 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

* CVE-2023-34325 ( SUSE ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

* CVE-2023-34326 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-34327 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity
important

Announcement ID: SUSE-SU-2023:4476-1
Rating: important
