SB2018123010 - OpenSUSE Linux update for xen

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Denial of service (CVE-ID: CVE-2018-15468)

The vulnerability allows an adjacent administrative attacker to cause DoS condition on the target system.

The vulnerability exists due to the DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not when Branch Trace Store is not virtualised by the processor. An adjacent attacker can lock up the entire host, choose any MSR_DEBUGCTL setting it likes and cause the service to crash.

2) Denial of service (CVE-ID: CVE-2018-15469)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to improper implementation of version 2 of grant tables in the affected software, in the hypervisor or in Linux. An adjacent attacker can request version 2 grant tables, trigger a BUG() check and cause the service to crash.

3) Memory corruption (CVE-ID: CVE-2018-15470)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to the affected software fails to enforce the quota-maxentity setting. An adjacent attacker can write an excessive number of XenStore entries, trigger unbounded memory usage and cause the service to crash.

4) Null pointer dereference (CVE-ID: CVE-2018-18883)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference when handling malicious input. A x86 HVM and PVH guest can send specially crafted content, execute arbitrary virtualization instructions, trigger null pointer deference and cause the service to crash on the host system.

5) Denial of service (CVE-ID: CVE-2018-19961)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to insufficient TLB flushing after improper large page mappings with AMD IOMMUs. An adjacent attacker can cause the service to crash.

6) Privilege escalation (CVE-ID: CVE-2018-19962)

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists on AMD x86 platforms due to small IOMMU mappings are unsafely combined into larger ones. An adjacent attacker can gain host OS privileges.

7) Denial of service (CVE-ID: CVE-2018-19965)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to an error when attempting to use INVPCID with a non-canonical addresses. An adjacent attacker can cause the service to crash.

8) Denial of service (CVE-ID: CVE-2018-19966)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to XSA-240 conflicts with shadow paging. An adjacent attacker can cause the service to crash.

9) Side-channel attack (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00073.html