Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3728-1 Final 1 1 2022-10-25T13:40:54Z current 2022-10-25T13:40:54Z 2022-10-25T13:40:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-EC2-BYOS-2022-3728,Image SLES12-SP5-EC2-ECS-On-Demand-2022-3728,Image SLES12-SP5-EC2-On-Demand-2022-3728,Image SLES12-SP5-EC2-SAP-BYOS-2022-3728,Image SLES12-SP5-EC2-SAP-On-Demand-2022-3728,SUSE-2022-3728,SUSE-SLE-SDK-12-SP5-2022-3728,SUSE-SLE-SERVER-12-SP5-2022-3728 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ Link for SUSE-SU-2022:3728-1 https://lists.suse.com/pipermail/sle-security-updates/2022-October/012670.html E-Mail link for SUSE-SU-2022:3728-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1185104 SUSE Bug 1185104 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 https://bugzilla.suse.com/1203806 SUSE Bug 1203806 https://bugzilla.suse.com/1203807 SUSE Bug 1203807 https://www.suse.com/security/cve/CVE-2021-28689/ SUSE CVE CVE-2021-28689 page https://www.suse.com/security/cve/CVE-2022-26365/ SUSE CVE CVE-2022-26365 page https://www.suse.com/security/cve/CVE-2022-33740/ SUSE CVE CVE-2022-33740 page https://www.suse.com/security/cve/CVE-2022-33741/ SUSE CVE CVE-2022-33741 page https://www.suse.com/security/cve/CVE-2022-33742/ SUSE CVE CVE-2022-33742 page https://www.suse.com/security/cve/CVE-2022-33746/ SUSE CVE CVE-2022-33746 page https://www.suse.com/security/cve/CVE-2022-33748/ SUSE CVE CVE-2022-33748 page Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 xen-libs-4.12.4_28-3.77.1 xen-tools-domU-4.12.4_28-3.77.1 xen-4.12.4_28-3.77.1 xen-devel-4.12.4_28-3.77.1 xen-doc-html-4.12.4_28-3.77.1 xen-libs-32bit-4.12.4_28-3.77.1 xen-libs-64bit-4.12.4_28-3.77.1 xen-tools-4.12.4_28-3.77.1 xen-libs-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-BYOS xen-tools-domU-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-BYOS xen-libs-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand xen-tools-domU-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand xen-libs-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-On-Demand xen-tools-domU-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-On-Demand xen-libs-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS xen-tools-domU-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS xen-libs-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand xen-tools-domU-4.12.4_28-3.77.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand xen-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-doc-html-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-libs-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-libs-32bit-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-tools-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-tools-domU-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-doc-html-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-libs-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-libs-32bit-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-tools-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-tools-domU-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-devel-4.12.4_28-3.77.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different implementation approach, so Xen does not use ring 1 to support 64-bit guests. With the focus now being on 64-bit systems, and the availability of explicit hardware support for virtualization, fixing speculation issues in ring 1 is not a priority for processor companies. Indirect Branch Restricted Speculation (IBRS) is an architectural x86 extension put together to combat speculative execution sidechannel attacks, including Spectre v2. It was retrofitted in microcode to existing CPUs. For more details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html However, IBRS does not architecturally protect ring 0 from predictions learnt in ring 1. For more details, see: https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation Similar situations may exist with other mitigations for other kinds of speculative execution attacks. The situation is quite likely to be similar for speculative execution attacks which have yet to be discovered, disclosed, or mitigated. CVE-2021-28689 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_28-3.77.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ https://www.suse.com/security/cve/CVE-2021-28689.html CVE-2021-28689 https://bugzilla.suse.com/1185104 SUSE Bug 1185104 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-26365 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_28-3.77.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ https://www.suse.com/security/cve/CVE-2022-26365.html CVE-2022-26365 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33740 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_28-3.77.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ https://www.suse.com/security/cve/CVE-2022-33740.html CVE-2022-33740 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33741 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_28-3.77.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ https://www.suse.com/security/cve/CVE-2022-33741.html CVE-2022-33741 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). CVE-2022-33742 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_28-3.77.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ https://www.suse.com/security/cve/CVE-2022-33742.html CVE-2022-33742 https://bugzilla.suse.com/1200762 SUSE Bug 1200762 P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. CVE-2022-33746 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_28-3.77.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ https://www.suse.com/security/cve/CVE-2022-33746.html CVE-2022-33746 https://bugzilla.suse.com/1203806 SUSE Bug 1203806 lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. CVE-2022-33748 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_28-3.77.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_28-3.77.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_28-3.77.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_28-3.77.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/ https://www.suse.com/security/cve/CVE-2022-33748.html CVE-2022-33748 https://bugzilla.suse.com/1203807 SUSE Bug 1203807