Bugzilla – Bug 1227355
VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458)
Last modified: 2024-07-30 16:30:57 UTC
Xen Security Advisory CVE-2024-31143 / XSA-458

double unlock in x86 guest IRQ handling

*** EMBARGOED UNTIL 2024-07-16 12:00 UTC ***

ISSUE DESCRIPTION
=================

An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.

IMPACT
======

Denial of Service (DoS) affecting the entire host, crashes, information leaks, or elevation of privilege all cannot be ruled out.

VULNERABLE SYSTEMS
==================

Xen versions 4.4 and newer are vulnerable. Xen versions 4.3 and older are not vulnerable.

Only x86 guests which have a multi-vector MSI capable device passed through to them can leverage the vulnerability.

MITIGATION
==========

Not passing through multi-vector MSI capable devices to x86 guests will avoid the vulnerability.

RESOLUTION
==========

Applying the attached patch resolves this issue.

Note that patches for released versions are generally prepared to apply to the stable branches, and may not apply cleanly to the most recent release tarball. Downstreams are encouraged to update to the tip of the stable branch before applying these patches.

xsa458.patch           xen-unstable - Xen 4.16.x

$ sha256sum xsa458*
22dd1071755b1fd6b4ea3ce18a200f626ee796e77b7e7d93a3a5b33d2a896706  xsa458.patch
$
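Added example, not part of the advisory and not Xen's code: a simplified C model of the pattern the issue description names, a shared error path that releases a lock whether or not the caller holds it, next to a variant where each exit releases only what it acquired. The lock type, the function names and the two failure points are hypothetical and exist only for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy lock (hypothetical): a release while not held is counted, not acted on. */
struct toy_lock { bool held; unsigned bad_unlocks; };
enum fail_at { FAIL_NONE, FAIL_BEFORE_LOCK, FAIL_UNDER_LOCK }; /* constructed */
static void toy_acquire(struct toy_lock *l) { l->held = true; }
static void toy_release(struct toy_lock *l) { l->bad_unlocks += !l->held; l->held = false; }

/* Buggy shape: one shared error label that always unlocks. */
int setup_buggy(struct toy_lock *l, unsigned nr, enum fail_at f)
{
    int rc = -1;
    if (f == FAIL_BEFORE_LOCK) goto err;       /* lock NOT held here */
    toy_acquire(l);
    for (unsigned i = 0; i < nr; i++)          /* all vectors in one go */
        if (f == FAIL_UNDER_LOCK && i + 1 == nr) goto err;  /* lock held */
    rc = 0;
err:
    toy_release(l);                            /* wrong after the first goto */
    return rc;
}

/* Hardened shape: each exit releases only what that path acquired. */
int setup_fixed(struct toy_lock *l, unsigned nr, enum fail_at f)
{
    int rc = 0;
    if (f == FAIL_BEFORE_LOCK) return -1;      /* nothing acquired or released */
    toy_acquire(l);
    for (unsigned i = 0; i < nr && rc == 0; i++)
        if (f == FAIL_UNDER_LOCK && i + 1 == nr) rc = -1;
    toy_release(l);
    return rc;
}

/* Run one variant on a fresh lock; return the number of stray unlocks. */
unsigned stray_unlocks(int (*fn)(struct toy_lock *, unsigned, enum fail_at), enum fail_at f)
{
    struct toy_lock l = { false, 0 };
    fn(&l, 4, f);
    return l.bad_unlocks;
}

int main(void)
{
    printf("stray unlocks: buggy=%u fixed=%u\n", stray_unlocks(setup_buggy, FAIL_BEFORE_LOCK),
           stray_unlocks(setup_fixed, FAIL_BEFORE_LOCK));
    return 0;
}
```

In a real spinlock the stray release is not counted but corrupts the lock state, which is why the advisory cannot rule out anything from a host crash to privilege escalation.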
Created attachment 875856: Attached patch
Public: https://xenbits.xen.org/xsa/advisory-458.html
This is an autogenerated message for OBS integration: This bug (1227355) was mentioned in https://build.opensuse.org/request/show/1187952 Factory / xen
Fix is now submitted to all distros.
SUSE-SU-2024:2535-1: An update that solves six vulnerabilities and has one security fix can now be installed.
Category: security (important)
Bug References: 1214083, 1221332, 1221334, 1221984, 1222302, 1222453, 1227355
CVE References: CVE-2023-28746, CVE-2023-46842, CVE-2024-2193, CVE-2024-2201, CVE-2024-31142, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:33138](https://smelt.suse.de/incident/33138/)
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): xen-4.13.5_12-150200.3.93.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): xen-4.13.5_12-150200.3.93.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): xen-4.13.5_12-150200.3.93.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2534-1: An update that solves two vulnerabilities and has one security fix can now be installed.
Category: security (important)
Bug References: 1027519, 1222453, 1227355
CVE References: CVE-2024-2201, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:34727](https://smelt.suse.de/incident/34727/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): xen-4.12.4_50-3.112.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): xen-4.12.4_50-3.112.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): xen-4.12.4_50-3.112.1
SUSE Linux Enterprise Server 12 SP5 (src): xen-4.12.4_50-3.112.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2533-1: An update that solves two vulnerabilities can now be installed.
Category: security (important)
Bug References: 1222453, 1227355
CVE References: CVE-2024-2201, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:34726](https://smelt.suse.de/incident/34726/)
Sources used:
openSUSE Leap 15.3 (src): xen-4.14.6_16-150300.3.75.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): xen-4.14.6_16-150300.3.75.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): xen-4.14.6_16-150300.3.75.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): xen-4.14.6_16-150300.3.75.1
SUSE Enterprise Storage 7.1 (src): xen-4.14.6_16-150300.3.75.1
SUSE Linux Enterprise Micro 5.1 (src): xen-4.14.6_16-150300.3.75.1
SUSE Linux Enterprise Micro 5.2 (src): xen-4.14.6_16-150300.3.75.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): xen-4.14.6_16-150300.3.75.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2531-1: An update that solves two vulnerabilities and has three security fixes can now be installed.
Category: security (important)
Bug References: 1027519, 1214718, 1221984, 1225953, 1227355
CVE References: CVE-2023-46842, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:34723](https://smelt.suse.de/incident/34723/)
Sources used:
Server Applications Module 15-SP6 (src): xen-4.18.2_06-150600.3.3.1
openSUSE Leap 15.6 (src): xen-4.18.2_06-150600.3.3.1
Basesystem Module 15-SP6 (src): xen-4.18.2_06-150600.3.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi is xen package from SLES12 SP2 affected? There is an open L3 ticket asking for PTF with the fix.
(In reply to Brahmajit Das from comment #13)
> Hi is xen package from SLES12 SP2 affected? There is an open L3 ticket
> asking for PTF with the fix.

As per the advisory clearly saying "4.4 and newer" it would be affected. Yet then I'm unaware of us still doing anything for the 12sp2 code stream. Please clarify.
(In reply to Jan Beulich from comment #14)
> (In reply to Brahmajit Das from comment #13)
> > Hi is xen package from SLES12 SP2 affected? There is an open L3 ticket
> > asking for PTF with the fix.
>
> As per the advisory clearly saying "4.4 and newer" it would be affected. Yet
> then I'm unaware of us still doing anything for the 12sp2 code stream.
> Please clarify.

Right. We no longer submit security fixes for SP2. LTSS support ended for SP2 on 31 Mar 2021. I'm not aware of any "core" support for SP2 that extended that date. As Jan said, please clarify if this is a valid L3 support request.
SUSE-SU-2024:2654-1: An update that solves two vulnerabilities and has two security fixes can now be installed.
URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242654-1
Category: security (important)
Bug References: 1027519, 1214718, 1221984, 1227355
CVE References: CVE-2023-46842, CVE-2024-31143
Maintenance Incident: [SUSE:Maintenance:34724](https://smelt.suse.de/incident/34724/)
Sources used:
Server Applications Module 15-SP5 (src): xen-4.17.4_04-150500.3.33.1
openSUSE Leap 15.5 (src): xen-4.17.4_04-150500.3.33.1
openSUSE Leap Micro 5.5 (src): xen-4.17.4_04-150500.3.33.1
SUSE Linux Enterprise Micro 5.5 (src): xen-4.17.4_04-150500.3.33.1
Basesystem Module 15-SP5 (src): xen-4.17.4_04-150500.3.33.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.