SB2023101251 - SUSE update for xen

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Reachable Assertion (CVE-ID: CVE-2023-34323)

The vulnerability allows a remote guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling negative quota values in C Xenstored. A malicious guest can craft a transaction that forces C Xenstored to check quota value and perform a denial of service attack.

2) Stack-based buffer overflow (CVE-ID: CVE-2023-34325)

The vulnerability allows a remote guest to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in libfsimage. A remote guest can use pygrab to trigger stack-based buffer overflow and execute arbitrary code on the host system.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34326)

The vulnerability allows a remote guest to escalate privileges on the system.

The vulnerability exists due to missing IOMMU TLB flushing on x86/AMD systems. A malicious guest can access memory not owned by the guest and escalate privileges on the system.

4) State Issues (CVE-ID: CVE-2023-34327)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of guest state when using Debug Masks in HVM vCPU. A malicious guest can perform a denial of service (DoS) attack against the guest OS.

5) State Issues (CVE-ID: CVE-2023-34328)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of guest state in PV vCPU. A malicious guest place a breakpoint over the live GDT and perform a denial of service (DoS) attack against the host.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2023/suse-su-20234055-1/