Bugzilla – Bug 1221984
VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454)
Last modified: 2024-07-30 16:30:56 UTC
Created attachment 873816 [details]
Attached patches

Xen Security Advisory CVE-2023-46842 / XSA-454

x86 HVM hypercalls may trigger Xen bug check

*** EMBARGOED UNTIL 2024-04-09 12:00 UTC ***

ISSUE DESCRIPTION
=================

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to.

When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values.

Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.

IMPACT
======

A HVM or PVH guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

VULNERABLE SYSTEMS
==================

All Xen versions from at least 3.2 onwards are vulnerable. Earlier versions have not been inspected.

Only x86 systems are vulnerable. Arm systems are not vulnerable.

Only HVM or PVH guests can leverage the vulnerability. PV guests cannot leverage the vulnerability.

MITIGATION
==========

Not using HVM / PVH guests will avoid the vulnerability.

RESOLUTION
==========

Applying either of the attached patches from the appropriate set resolves this issue.

Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches.
xsa454-?.patch           xen-unstable
xsa454-4.18-?.patch      Xen 4.18.x
xsa454-4.17-?.patch      Xen 4.17.x
xsa454-4.16-?.patch      Xen 4.16.x - Xen 4.15.x

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators.

But: Distribution of updated software is prohibited (except to other members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team.

(Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy:
http://www.xenproject.org/security-policy.html
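The failure mode in the issue description, modelled as an added C example (not Xen source and not taken from the attached patches): a consistency check that assumes clear upper register halves, next to an entry-time truncation that keeps the assumption true. The struct, function names and sample register value are hypothetical, and truncating on entry is shown as one possible hardening.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: 64-bit storage for the registers carrying hypercall arguments. */
struct guest_regs { uint64_t arg[5]; };

/* The assumption the advisory describes: a value supplied by a
 * 32-bit-mode caller has a clear upper half. */
static bool upper_half_clear(uint64_t v) { return v == (uint32_t)v; }

/* Model of preparing a continuation for a caller not in 64-bit mode.
 * Returns false where the hypervisor's consistency check would fire. */
bool continuation_args_consistent(const struct guest_regs *r, unsigned int nargs)
{
    for (unsigned int i = 0; i < nargs && i < 5; i++)
        if (!upper_half_clear(r->arg[i]))
            return false;
    return true;
}

/* Hardening at hypercall entry (assumed approach): when the caller is not
 * in 64-bit mode, keep only the low 32 bits, which is all that 32-bit
 * code could have set. 64-bit callers are left untouched. */
void sanitize_on_entry(struct guest_regs *r, bool caller_is_64bit)
{
    if (caller_is_64bit)
        return;
    for (unsigned int i = 0; i < 5; i++)
        r->arg[i] = (uint32_t)r->arg[i];
}

int main(void)
{
    /* Constructed sample: upper half left over from earlier 64-bit execution. */
    struct guest_regs r = { .arg = { 0xdeadbeef00000010ULL, 2, 3, 4, 5 } };

    printf("without entry sanitising: %s\n",
           continuation_args_consistent(&r, 5) ? "consistent" : "check would fire");
    sanitize_on_entry(&r, false);
    printf("with entry sanitising:    %s\n",
           continuation_args_consistent(&r, 5) ? "consistent" : "check would fire");
    return 0;
}
```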
This is an autogenerated message for OBS integration: This bug (1221984) was mentioned in https://build.opensuse.org/request/show/1166538 Factory / xen
SUSE-SU-2024:1259-1: An update that solves three vulnerabilities and has one security fix can now be installed.

Category: security (moderate)
Bug References: 1027519, 1221984, 1222302, 1222453
CVE References: CVE-2023-46842, CVE-2024-2201, CVE-2024-31142
Maintenance Incident: [SUSE:Maintenance:33341](https://smelt.suse.de/incident/33341/)
Sources used:
openSUSE Leap 15.4 (src): xen-4.16.6_02-150400.4.55.1
openSUSE Leap Micro 5.3 (src): xen-4.16.6_02-150400.4.55.1
openSUSE Leap Micro 5.4 (src): xen-4.16.6_02-150400.4.55.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): xen-4.16.6_02-150400.4.55.1
SUSE Linux Enterprise Micro 5.3 (src): xen-4.16.6_02-150400.4.55.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): xen-4.16.6_02-150400.4.55.1
SUSE Linux Enterprise Micro 5.4 (src): xen-4.16.6_02-150400.4.55.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1295-1: An update that solves three vulnerabilities and has one security fix can now be installed.

Category: security (moderate)
Bug References: 1027519, 1221984, 1222302, 1222453
CVE References: CVE-2023-46842, CVE-2024-2201, CVE-2024-31142
Maintenance Incident: [SUSE:Maintenance:33340](https://smelt.suse.de/incident/33340/)
Sources used:
openSUSE Leap 15.5 (src): xen-4.17.4_02-150500.3.30.1
SUSE Linux Enterprise Micro 5.5 (src): xen-4.17.4_02-150500.3.30.1
Basesystem Module 15-SP5 (src): xen-4.17.4_02-150500.3.30.1
Server Applications Module 15-SP5 (src): xen-4.17.4_02-150500.3.30.1
SUSE-SU-2024:1541-1: An update that solves three vulnerabilities and has one security fix can now be installed.

Category: security (moderate)
Bug References: 1027519, 1221984, 1222302, 1222453
CVE References: CVE-2023-46842, CVE-2024-2201, CVE-2024-31142
Maintenance Incident: [SUSE:Maintenance:33626](https://smelt.suse.de/incident/33626/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): xen-4.12.4_48-3.109.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): xen-4.12.4_48-3.109.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): xen-4.12.4_48-3.109.1
SUSE Linux Enterprise Server 12 SP5 (src): xen-4.12.4_48-3.109.1
SUSE-SU-2024:1540-1: An update that solves three vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1221984, 1222302, 1222453
CVE References: CVE-2023-46842, CVE-2024-2201, CVE-2024-31142
Maintenance Incident: [SUSE:Maintenance:33625](https://smelt.suse.de/incident/33625/)
Sources used:
openSUSE Leap 15.3 (src): xen-4.14.6_14-150300.3.72.1
SUSE Linux Enterprise Micro 5.1 (src): xen-4.14.6_14-150300.3.72.1
SUSE Linux Enterprise Micro 5.2 (src): xen-4.14.6_14-150300.3.72.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): xen-4.14.6_14-150300.3.72.1
SUSE-SU-2024:2535-1: An update that solves six vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1214083, 1221332, 1221334, 1221984, 1222302, 1222453, 1227355
CVE References: CVE-2023-28746, CVE-2023-46842, CVE-2024-2193, CVE-2024-2201, CVE-2024-31142, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:33138](https://smelt.suse.de/incident/33138/)
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): xen-4.13.5_12-150200.3.93.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): xen-4.13.5_12-150200.3.93.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): xen-4.13.5_12-150200.3.93.1
SUSE-SU-2024:2531-1: An update that solves two vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1027519, 1214718, 1221984, 1225953, 1227355
CVE References: CVE-2023-46842, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:34723](https://smelt.suse.de/incident/34723/)
Sources used:
Server Applications Module 15-SP6 (src): xen-4.18.2_06-150600.3.3.1
openSUSE Leap 15.6 (src): xen-4.18.2_06-150600.3.3.1
Basesystem Module 15-SP6 (src): xen-4.18.2_06-150600.3.3.1
SUSE-SU-2024:2654-1: An update that solves two vulnerabilities and has two security fixes can now be installed.

URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242654-1
Category: security (important)
Bug References: 1027519, 1214718, 1221984, 1227355
CVE References: CVE-2023-46842, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:34724](https://smelt.suse.de/incident/34724/)
Sources used:
Server Applications Module 15-SP5 (src): xen-4.17.4_04-150500.3.33.1
openSUSE Leap 15.5 (src): xen-4.17.4_04-150500.3.33.1
openSUSE Leap Micro 5.5 (src): xen-4.17.4_04-150500.3.33.1
SUSE Linux Enterprise Micro 5.5 (src): xen-4.17.4_04-150500.3.33.1
Basesystem Module 15-SP5 (src): xen-4.17.4_04-150500.3.33.1