Upstream information

CVE-2017-7228 at MITRE

Description

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 7.15
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

CVSS v3 Scores (National Vulnerability Database)
  • Base Score: 8.2
  • Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Access Vector: Local
  • Access Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1030442 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP2
  • xen >= 4.7.2_02-36.1
  • xen-libs >= 4.7.2_02-36.1
  • xen-libs-32bit >= 4.7.2_02-36.1
Patchnames:
SUSE-SLE-DESKTOP-12-SP2-2017-572
SUSE Linux Enterprise Point of Sale 11 SP3
  • xen >= 4.2.5_21-38.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.99-38.1
  • xen-kmp-pae >= 4.2.5_21_3.0.101_0.47.99-38.1
  • xen-libs >= 4.2.5_21-38.1
  • xen-tools-domU >= 4.2.5_21-38.1
Patchnames:
sleposp3-xen-13067
SUSE Linux Enterprise Server 11 SP3-LTSS
  • xen >= 4.2.5_21-38.1
  • xen-doc-html >= 4.2.5_21-38.1
  • xen-doc-pdf >= 4.2.5_21-38.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.99-38.1
  • xen-kmp-pae >= 4.2.5_21_3.0.101_0.47.99-38.1
  • xen-libs >= 4.2.5_21-38.1
  • xen-libs-32bit >= 4.2.5_21-38.1
  • xen-tools >= 4.2.5_21-38.1
  • xen-tools-domU >= 4.2.5_21-38.1
Patchnames:
slessp3-xen-13067
SUSE Linux Enterprise Server 11 SP4
  • xen >= 4.4.4_16-54.1
  • xen-doc-html >= 4.4.4_16-54.1
  • xen-kmp-default >= 4.4.4_16_3.0.101_97-54.1
  • xen-kmp-pae >= 4.4.4_16_3.0.101_97-54.1
  • xen-libs >= 4.4.4_16-54.1
  • xen-libs-32bit >= 4.4.4_16-54.1
  • xen-tools >= 4.4.4_16-54.1
  • xen-tools-domU >= 4.4.4_16-54.1
Patchnames:
slessp4-xen-13069
SUSE Linux Enterprise Server 12 SP2
  • xen >= 4.7.2_02-36.1
  • xen-doc-html >= 4.7.2_02-36.1
  • xen-libs >= 4.7.2_02-36.1
  • xen-libs-32bit >= 4.7.2_02-36.1
  • xen-tools >= 4.7.2_02-36.1
  • xen-tools-domU >= 4.7.2_02-36.1
Patchnames:
SUSE-SLE-SERVER-12-SP2-2017-572
SUSE Linux Enterprise Server 12-LTSS
  • xen >= 4.4.4_16-22.36.1
  • xen-doc-html >= 4.4.4_16-22.36.1
  • xen-kmp-default >= 4.4.4_16_k3.12.61_52.69-22.36.1
  • xen-libs >= 4.4.4_16-22.36.1
  • xen-libs-32bit >= 4.4.4_16-22.36.1
  • xen-tools >= 4.4.4_16-22.36.1
  • xen-tools-domU >= 4.4.4_16-22.36.1
Patchnames:
SUSE-SLE-SERVER-12-2017-626
SUSE Linux Enterprise Software Development Kit 11 SP4
  • xen >= 4.4.4_16-54.1
  • xen-devel >= 4.4.4_16-54.1
Patchnames:
sdksp4-xen-13069
SUSE Linux Enterprise Software Development Kit 12 SP2
  • xen >= 4.7.2_02-36.1
  • xen-devel >= 4.7.2_02-36.1
Patchnames:
SUSE-SLE-SDK-12-SP2-2017-572
SUSE Linux Enterprise for SAP 12
  • xen >= 4.4.4_16-22.36.1
  • xen-doc-html >= 4.4.4_16-22.36.1
  • xen-kmp-default >= 4.4.4_16_k3.12.61_52.69-22.36.1
  • xen-libs >= 4.4.4_16-22.36.1
  • xen-libs-32bit >= 4.4.4_16-22.36.1
  • xen-tools >= 4.4.4_16-22.36.1
  • xen-tools-domU >= 4.4.4_16-22.36.1
Patchnames:
SUSE-SLE-SAP-12-2017-626
SUSE Manager 2.1
  • xen >= 4.2.5_21-38.1
  • xen-doc-html >= 4.2.5_21-38.1
  • xen-doc-pdf >= 4.2.5_21-38.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.99-38.1
  • xen-libs >= 4.2.5_21-38.1
  • xen-libs-32bit >= 4.2.5_21-38.1
  • xen-tools >= 4.2.5_21-38.1
  • xen-tools-domU >= 4.2.5_21-38.1
Patchnames:
sleman21-xen-13067
SUSE Manager Proxy 2.1
  • xen >= 4.2.5_21-38.1
  • xen-doc-html >= 4.2.5_21-38.1
  • xen-doc-pdf >= 4.2.5_21-38.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.99-38.1
  • xen-libs >= 4.2.5_21-38.1
  • xen-libs-32bit >= 4.2.5_21-38.1
  • xen-tools >= 4.2.5_21-38.1
  • xen-tools-domU >= 4.2.5_21-38.1
Patchnames:
slemap21-xen-13067
SUSE OpenStack Cloud 5
  • xen >= 4.2.5_21-38.1
  • xen-doc-html >= 4.2.5_21-38.1
  • xen-doc-pdf >= 4.2.5_21-38.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.99-38.1
  • xen-libs >= 4.2.5_21-38.1
  • xen-libs-32bit >= 4.2.5_21-38.1
  • xen-tools >= 4.2.5_21-38.1
  • xen-tools-domU >= 4.2.5_21-38.1
Patchnames:
sleclo50sp3-xen-13067
openSUSE Leap 42.2
  • xen >= 4.7.2_02-11.3.1
  • xen-debugsource >= 4.7.2_02-11.3.1
  • xen-devel >= 4.7.2_02-11.3.1
  • xen-doc-html >= 4.7.2_02-11.3.1
  • xen-libs >= 4.7.2_02-11.3.1
  • xen-libs-32bit >= 4.7.2_02-11.3.1
  • xen-libs-debuginfo >= 4.7.2_02-11.3.1
  • xen-libs-debuginfo-32bit >= 4.7.2_02-11.3.1
  • xen-tools >= 4.7.2_02-11.3.1
  • xen-tools-debuginfo >= 4.7.2_02-11.3.1
  • xen-tools-domU >= 4.7.2_02-11.3.1
  • xen-tools-domU-debuginfo >= 4.7.2_02-11.3.1
Patchnames:
openSUSE-2017-492


List of planned updates

The following information is the current evaluation for this security issue. It might be neither accurate nor complete. Use at your own risk.
Product(s): Source package
  • SUSE Linux Enterprise Server for SAP 11 SP3: xen