Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1251-1 Final 1 1 2021-04-19T06:58:14Z current 2021-04-19T06:58:14Z 2021-04-19T06:58:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-1251,SUSE-OpenStack-Cloud-9-2021-1251,SUSE-OpenStack-Cloud-Crowbar-9-2021-1251,SUSE-SLE-SAP-12-SP4-2021-1251,SUSE-SLE-SERVER-12-SP4-LTSS-2021-1251 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211251-1/ Link for SUSE-SU-2021:1251-1 https://lists.suse.com/pipermail/sle-security-updates/2021-April/008655.html E-Mail link for SUSE-SU-2021:1251-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1178591 SUSE Bug 1178591 https://bugzilla.suse.com/1182431 SUSE Bug 1182431 https://bugzilla.suse.com/1182846 SUSE Bug 1182846 https://www.suse.com/security/cve/CVE-2021-20257/ SUSE CVE CVE-2021-20257 page https://www.suse.com/security/cve/CVE-2021-27379/ SUSE CVE CVE-2021-27379 page SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 xen-4.11.4_16-2.51.1 xen-devel-4.11.4_16-2.51.1 xen-doc-html-4.11.4_16-2.51.1 xen-libs-4.11.4_16-2.51.1 xen-libs-32bit-4.11.4_16-2.51.1 xen-libs-64bit-4.11.4_16-2.51.1 xen-tools-4.11.4_16-2.51.1 xen-tools-domU-4.11.4_16-2.51.1 xen-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xen-doc-html-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xen-libs-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xen-libs-32bit-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xen-tools-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xen-tools-domU-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS xen-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xen-doc-html-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xen-libs-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xen-libs-32bit-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xen-tools-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xen-tools-domU-4.11.4_16-2.51.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 xen-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud 9 xen-doc-html-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud 9 xen-libs-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud 9 xen-libs-32bit-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud 9 xen-tools-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud 9 xen-tools-domU-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud 9 xen-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud Crowbar 9 xen-doc-html-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud Crowbar 9 xen-libs-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud Crowbar 9 xen-libs-32bit-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud Crowbar 9 xen-tools-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud Crowbar 9 xen-tools-domU-4.11.4_16-2.51.1 as a component of SUSE OpenStack Cloud Crowbar 9 An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. CVE-2021-20257 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-doc-html-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-libs-32bit-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-libs-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-tools-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-tools-domU-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-doc-html-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-libs-32bit-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-libs-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-tools-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-tools-domU-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-doc-html-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-libs-32bit-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-libs-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-tools-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-tools-domU-4.11.4_16-2.51.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211251-1/ https://www.suse.com/security/cve/CVE-2021-20257.html CVE-2021-20257 https://bugzilla.suse.com/1182577 SUSE Bug 1182577 https://bugzilla.suse.com/1182846 SUSE Bug 1182846 An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. CVE-2021-27379 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-doc-html-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-libs-32bit-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-libs-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-tools-4.11.4_16-2.51.1 SUSE Linux Enterprise Server 12 SP4-LTSS:xen-tools-domU-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-doc-html-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-32bit-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-libs-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-4.11.4_16-2.51.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:xen-tools-domU-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-doc-html-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-libs-32bit-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-libs-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-tools-4.11.4_16-2.51.1 SUSE OpenStack Cloud 9:xen-tools-domU-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-doc-html-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-libs-32bit-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-libs-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-tools-4.11.4_16-2.51.1 SUSE OpenStack Cloud Crowbar 9:xen-tools-domU-4.11.4_16-2.51.1 important 5.9 AV:L/AC:M/Au:N/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211251-1/ https://www.suse.com/security/cve/CVE-2021-27379.html CVE-2021-27379 https://bugzilla.suse.com/1182431 SUSE Bug 1182431