CVE-2021-28701

Upstream information

CVE-2021-28701 at MITRE

Description

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores

	SUSE
Base Score	7.4
Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Access Vector	Local
Access Complexity	High
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1189632 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-IU-2021:727-1, published Thu Sep 30 06:14:42 UTC 2021
• SUSE-IU-2021:728-1, published Thu Sep 30 06:15:30 UTC 2021
• SUSE-IU-2021:729-1, published Thu Sep 30 06:16:32 UTC 2021
• SUSE-IU-2021:741-1, published Wed Oct 27 06:27:27 UTC 2021
• SUSE-IU-2021:742-1, published Wed Oct 27 06:30:19 UTC 2021
• SUSE-IU-2021:747-1, published Thu Oct 28 06:28:53 UTC 2021
• SUSE-IU-2022:149-1, published Sat Jan 29 07:31:36 UTC 2022
• SUSE-IU-2022:237-1, published Thu Feb 3 07:28:34 UTC 2022
• SUSE-SU-2021:14848-1, published Wed Dec 1 21:06:05 UTC 2021
• SUSE-SU-2021:3140-1, published Sat Sep 18 16:17:58 UTC 2021
• SUSE-SU-2021:3140-2, published Thu Oct 21 19:17:56 UTC 2021
• SUSE-SU-2021:3141-1, published Sat Sep 18 16:16:43 UTC 2021
• SUSE-SU-2021:3181-1, published Tue Sep 21 20:49:39 UTC 2021
• SUSE-SU-2021:3213-1, published Thu Sep 23 19:28:00 UTC 2021
• SUSE-SU-2021:3322-1, published Thu Oct 7 22:16:30 UTC 2021
• SUSE-SU-2021:3842-1, published Wed Dec 1 20:57:22 UTC 2021
• SUSE-SU-2021:3849-1, published Wed Dec 1 20:40:51 UTC 2021
• SUSE-SU-2021:3977-1, published Thu Dec 9 14:21:59 UTC 2021
• openSUSE-SU-2021:1301-1, published Wed Sep 22 03:40:12 2021
• openSUSE-SU-2021:3140-1, published Sat Sep 18 18:40:35 2021

List of released packages

Product(s)	Fixed package version(s)	References
Container suse/sles/15.3/libguestfs-tools:0.45.0.7.7.1 Container suse/sles/15.3/virt-launcher:0.45.0.8.14.1 Image SLES15-SP3-Azure-Basic Image SLES15-SP3-Azure-Standard Image SLES15-SP3-BYOS-Azure Image SLES15-SP3-BYOS-GCE Image SLES15-SP3-BYOS-OCI Image SLES15-SP3-CHOST-BYOS-Aliyun Image SLES15-SP3-CHOST-BYOS-Azure Image SLES15-SP3-CHOST-BYOS-GCE Image SLES15-SP3-GCE Image SLES15-SP3-HPC-Azure Image SLES15-SP3-HPC-BYOS-Azure Image SLES15-SP3-HPC-BYOS-GCE Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE Image SLES15-SP3-Micro-5-1-BYOS-Azure Image SLES15-SP3-Micro-5-1-BYOS-GCE Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-GCE Image SLES15-SP3-Micro-BYOS-GCE Image SLES15-SP3-SAP-Azure Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-BYOS-Azure Image SLES15-SP3-SAP-BYOS-GCE Image SLES15-SP3-SAP-BYOS-OCI Image SLES15-SP3-SAP-GCE Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-GCE	xen-libs >= 4.14.2_06-3.12.1
HPE Helion Openstack 8	xen >= 4.9.4_22-3.94.2 xen-doc-html >= 4.9.4_22-3.94.2 xen-libs >= 4.9.4_22-3.94.2 xen-libs-32bit >= 4.9.4_22-3.94.2 xen-tools >= 4.9.4_22-3.94.2 xen-tools-domU >= 4.9.4_22-3.94.2	Patchnames: HPE-Helion-OpenStack-8-2021-3213
Image SLES12-SP4-EC2-HVM-BYOS Image SLES12-SP4-SAP-EC2-HVM Image SLES12-SP4-SAP-EC2-HVM-BYOS	xen-libs >= 4.11.4_24-2.65.1 xen-tools-domU >= 4.11.4_24-2.65.1
Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand	xen-libs >= 4.12.4_14-3.52.1 xen-tools-domU >= 4.12.4_14-3.52.1
Image SLES15-EC2-CHOST-HVM-BYOS Image SLES15-EC2-HVM-BYOS Image SLES15-SAP-EC2-HVM Image SLES15-SAP-EC2-HVM-BYOS	xen-libs >= 4.10.4_30-3.68.1 xen-tools-domU >= 4.10.4_30-3.68.1
Image SLES15-SP1-CHOST-BYOS-EC2 Image SLES15-SP1-EC2-HPC-HVM-BYOS Image SLES15-SP1-EC2-HVM-BYOS Image SLES15-SP1-SAP-EC2-HVM Image SLES15-SP1-SAP-EC2-HVM-BYOS Image SLES15-SP1-SAPCAL-EC2-HVM	xen-libs >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1
Image SLES15-SP2-BYOS-Azure Image SLES15-SP2-BYOS-GCE Image SLES15-SP2-CHOST-BYOS-Aliyun Image SLES15-SP2-CHOST-BYOS-Azure Image SLES15-SP2-CHOST-BYOS-GCE Image SLES15-SP2-HPC-BYOS-Azure Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE Image SLES15-SP2-SAP-Azure Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP2-SAP-BYOS-Azure Image SLES15-SP2-SAP-BYOS-GCE Image SLES15-SP2-SAP-GCE	xen-libs >= 4.13.3_04-3.37.1
Image SLES15-SP2-BYOS-EC2-HVM Image SLES15-SP2-CHOST-BYOS-EC2 Image SLES15-SP2-HPC-BYOS-EC2-HVM Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM Image SLES15-SP2-SAP-BYOS-EC2-HVM Image SLES15-SP2-SAP-EC2-HVM	xen-libs >= 4.13.3_04-3.37.1 xen-tools-domU >= 4.13.3_04-3.37.1
Image SLES15-SP3-BYOS-EC2-HVM Image SLES15-SP3-CHOST-BYOS-EC2 Image SLES15-SP3-EC2-ECS-HVM Image SLES15-SP3-EC2-HVM Image SLES15-SP3-HPC-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM Image SLES15-SP3-SAP-BYOS-EC2-HVM Image SLES15-SP3-SAP-EC2-HVM Image SLES15-SP3-SAPCAL-EC2-HVM	xen-libs >= 4.14.2_06-3.12.1 xen-tools-domU >= 4.14.2_06-3.12.1
SUSE CaaS Platform 4.0	xen >= 4.12.4_16-3.57.1 xen-devel >= 4.12.4_16-3.57.1 xen-libs >= 4.12.4_16-3.57.1 xen-tools >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1	Patchnames: SUSE-SUSE-CAASP-4.0-2021-3977
SUSE Enterprise Storage 6	xen >= 4.12.4_16-3.57.1 xen-devel >= 4.12.4_16-3.57.1 xen-libs >= 4.12.4_16-3.57.1 xen-tools >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1	Patchnames: SUSE-Storage-6-2021-3977
SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP2	xen-libs >= 4.13.3_04-3.37.1 xen-tools-domU >= 4.13.3_04-3.37.1	Patchnames: SUSE-SLE-Module-Basesystem-15-SP2-2021-3141
SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP3	xen-libs >= 4.14.2_06-3.12.1 xen-tools-domU >= 4.14.2_06-3.12.1	Patchnames: SUSE-SLE-Module-Basesystem-15-SP3-2021-3140
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS	xen >= 4.12.4_16-3.57.1 xen-devel >= 4.12.4_16-3.57.1 xen-libs >= 4.12.4_16-3.57.1 xen-tools >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1	Patchnames: SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3977
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS	xen >= 4.12.4_16-3.57.1 xen-devel >= 4.12.4_16-3.57.1 xen-libs >= 4.12.4_16-3.57.1 xen-tools >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1	Patchnames: SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3977
SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1	xen >= 4.13.3_04-3.37.1 xen-devel >= 4.13.3_04-3.37.1 xen-libs >= 4.13.3_04-3.37.1 xen-tools >= 4.13.3_04-3.37.1 xen-tools-domU >= 4.13.3_04-3.37.1 xen-tools-xendomains-wait-disk >= 4.13.3_04-3.37.1	Patchnames: SUSE-SLE-Module-Basesystem-15-SP2-2021-3141 SUSE-SLE-Module-Server-Applications-15-SP2-2021-3141
SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2	xen >= 4.14.2_06-3.12.1 xen-devel >= 4.14.2_06-3.12.1 xen-libs >= 4.14.2_06-3.12.1 xen-tools >= 4.14.2_06-3.12.1 xen-tools-domU >= 4.14.2_06-3.12.1 xen-tools-xendomains-wait-disk >= 4.14.2_06-3.12.1	Patchnames: SUSE-SLE-Module-Basesystem-15-SP3-2021-3140 SUSE-SLE-Module-Server-Applications-15-SP3-2021-3140
SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS	xen >= 4.10.4_30-3.68.1 xen-devel >= 4.10.4_30-3.68.1 xen-libs >= 4.10.4_30-3.68.1 xen-tools >= 4.10.4_30-3.68.1 xen-tools-domU >= 4.10.4_30-3.68.1	Patchnames: SUSE-SLE-Product-HPC-15-2021-3842
SUSE Linux Enterprise Micro 5.0	xen-libs >= 4.13.3_04-3.37.1	Patchnames: SUSE-SUSE-MicroOS-5.0-2021-3141
SUSE Linux Enterprise Micro 5.1	xen-libs >= 4.14.2_06-3.12.1	Patchnames: SUSE-SUSE-MicroOS-5.1-2021-3140
SUSE Linux Enterprise Module for Server Applications 15 SP2	xen >= 4.13.3_04-3.37.1 xen-devel >= 4.13.3_04-3.37.1 xen-tools >= 4.13.3_04-3.37.1 xen-tools-xendomains-wait-disk >= 4.13.3_04-3.37.1	Patchnames: SUSE-SLE-Module-Server-Applications-15-SP2-2021-3141
SUSE Linux Enterprise Module for Server Applications 15 SP3	xen >= 4.14.2_06-3.12.1 xen-devel >= 4.14.2_06-3.12.1 xen-tools >= 4.14.2_06-3.12.1 xen-tools-xendomains-wait-disk >= 4.14.2_06-3.12.1	Patchnames: SUSE-SLE-Module-Server-Applications-15-SP3-2021-3140
SUSE Linux Enterprise Server 11 SP4-LTSS	xen >= 4.4.4_50-61.67.1 xen-doc-html >= 4.4.4_50-61.67.1 xen-kmp-default >= 4.4.4_50_3.0.101_108.129-61.67.1 xen-kmp-pae >= 4.4.4_50_3.0.101_108.129-61.67.1 xen-libs >= 4.4.4_50-61.67.1 xen-libs-32bit >= 4.4.4_50-61.67.1 xen-tools >= 4.4.4_50-61.67.1 xen-tools-domU >= 4.4.4_50-61.67.1	Patchnames: slessp4-xen-14848
SUSE Linux Enterprise Server 12 SP2-BCL	xen >= 4.7.6_16-43.79.5 xen-doc-html >= 4.7.6_16-43.79.5 xen-libs >= 4.7.6_16-43.79.5 xen-libs-32bit >= 4.7.6_16-43.79.5 xen-tools >= 4.7.6_16-43.79.5 xen-tools-domU >= 4.7.6_16-43.79.5	Patchnames: SUSE-SLE-SERVER-12-SP2-BCL-2021-3322
SUSE Linux Enterprise Server 12 SP3-BCL	xen >= 4.9.4_22-3.94.2 xen-doc-html >= 4.9.4_22-3.94.2 xen-libs >= 4.9.4_22-3.94.2 xen-libs-32bit >= 4.9.4_22-3.94.2 xen-tools >= 4.9.4_22-3.94.2 xen-tools-domU >= 4.9.4_22-3.94.2	Patchnames: SUSE-SLE-SERVER-12-SP3-BCL-2021-3213
SUSE Linux Enterprise Server 12 SP3-ESPOS	xen >= 4.9.4_22-3.94.2 xen-doc-html >= 4.9.4_22-3.94.2 xen-libs >= 4.9.4_22-3.94.2 xen-libs-32bit >= 4.9.4_22-3.94.2 xen-tools >= 4.9.4_22-3.94.2 xen-tools-domU >= 4.9.4_22-3.94.2	Patchnames: SUSE-SLE-SERVER-12-SP3-ESPOS-2021-3213
SUSE Linux Enterprise Server 12 SP3-LTSS	xen >= 4.9.4_22-3.94.2 xen-doc-html >= 4.9.4_22-3.94.2 xen-libs >= 4.9.4_22-3.94.2 xen-libs-32bit >= 4.9.4_22-3.94.2 xen-tools >= 4.9.4_22-3.94.2 xen-tools-domU >= 4.9.4_22-3.94.2	Patchnames: SUSE-SLE-SERVER-12-SP3-2021-3213
SUSE Linux Enterprise Server 12 SP4-ESPOS	xen >= 4.11.4_24-2.65.1 xen-doc-html >= 4.11.4_24-2.65.1 xen-libs >= 4.11.4_24-2.65.1 xen-libs-32bit >= 4.11.4_24-2.65.1 xen-tools >= 4.11.4_24-2.65.1 xen-tools-domU >= 4.11.4_24-2.65.1	Patchnames: SUSE-SLE-SERVER-12-SP4-ESPOS-2021-3849
SUSE Linux Enterprise Server 12 SP4-LTSS	xen >= 4.11.4_24-2.65.1 xen-doc-html >= 4.11.4_24-2.65.1 xen-libs >= 4.11.4_24-2.65.1 xen-libs-32bit >= 4.11.4_24-2.65.1 xen-tools >= 4.11.4_24-2.65.1 xen-tools-domU >= 4.11.4_24-2.65.1	Patchnames: SUSE-SLE-SERVER-12-SP4-LTSS-2021-3849
SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5	xen >= 4.12.4_14-3.52.1 xen-devel >= 4.12.4_14-3.52.1 xen-doc-html >= 4.12.4_14-3.52.1 xen-libs >= 4.12.4_14-3.52.1 xen-libs-32bit >= 4.12.4_14-3.52.1 xen-tools >= 4.12.4_14-3.52.1 xen-tools-domU >= 4.12.4_14-3.52.1	Patchnames: SUSE-SLE-SDK-12-SP5-2021-3181 SUSE-SLE-SERVER-12-SP5-2021-3181
SUSE Linux Enterprise Server 15 SP1-BCL	xen >= 4.12.4_16-3.57.1 xen-devel >= 4.12.4_16-3.57.1 xen-libs >= 4.12.4_16-3.57.1 xen-tools >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1	Patchnames: SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3977
SUSE Linux Enterprise Server 15 SP1-LTSS	xen >= 4.12.4_16-3.57.1 xen-devel >= 4.12.4_16-3.57.1 xen-libs >= 4.12.4_16-3.57.1 xen-tools >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1	Patchnames: SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3977
SUSE Linux Enterprise Server 15-LTSS	xen >= 4.10.4_30-3.68.1 xen-devel >= 4.10.4_30-3.68.1 xen-libs >= 4.10.4_30-3.68.1 xen-tools >= 4.10.4_30-3.68.1 xen-tools-domU >= 4.10.4_30-3.68.1	Patchnames: SUSE-SLE-Product-SLES-15-2021-3842
SUSE Linux Enterprise Server for SAP Applications 12 SP3	xen >= 4.9.4_22-3.94.2 xen-doc-html >= 4.9.4_22-3.94.2 xen-libs >= 4.9.4_22-3.94.2 xen-libs-32bit >= 4.9.4_22-3.94.2 xen-tools >= 4.9.4_22-3.94.2 xen-tools-domU >= 4.9.4_22-3.94.2	Patchnames: SUSE-SLE-SAP-12-SP3-2021-3213
SUSE Linux Enterprise Server for SAP Applications 12 SP4	xen >= 4.11.4_24-2.65.1 xen-doc-html >= 4.11.4_24-2.65.1 xen-libs >= 4.11.4_24-2.65.1 xen-libs-32bit >= 4.11.4_24-2.65.1 xen-tools >= 4.11.4_24-2.65.1 xen-tools-domU >= 4.11.4_24-2.65.1	Patchnames: SUSE-SLE-SAP-12-SP4-2021-3849
SUSE Linux Enterprise Server for SAP Applications 15 SP1	xen >= 4.12.4_16-3.57.1 xen-devel >= 4.12.4_16-3.57.1 xen-libs >= 4.12.4_16-3.57.1 xen-tools >= 4.12.4_16-3.57.1 xen-tools-domU >= 4.12.4_16-3.57.1	Patchnames: SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3977
SUSE Linux Enterprise Server for SAP Applications 15	xen >= 4.10.4_30-3.68.1 xen-devel >= 4.10.4_30-3.68.1 xen-libs >= 4.10.4_30-3.68.1 xen-tools >= 4.10.4_30-3.68.1 xen-tools-domU >= 4.10.4_30-3.68.1	Patchnames: SUSE-SLE-Product-SLES_SAP-15-2021-3842
SUSE Linux Enterprise Software Development Kit 12 SP5	xen-devel >= 4.12.4_14-3.52.1	Patchnames: SUSE-SLE-SDK-12-SP5-2021-3181
SUSE OpenStack Cloud 8	xen >= 4.9.4_22-3.94.2 xen-doc-html >= 4.9.4_22-3.94.2 xen-libs >= 4.9.4_22-3.94.2 xen-libs-32bit >= 4.9.4_22-3.94.2 xen-tools >= 4.9.4_22-3.94.2 xen-tools-domU >= 4.9.4_22-3.94.2	Patchnames: SUSE-OpenStack-Cloud-8-2021-3213
SUSE OpenStack Cloud 9	xen >= 4.11.4_24-2.65.1 xen-doc-html >= 4.11.4_24-2.65.1 xen-libs >= 4.11.4_24-2.65.1 xen-libs-32bit >= 4.11.4_24-2.65.1 xen-tools >= 4.11.4_24-2.65.1 xen-tools-domU >= 4.11.4_24-2.65.1	Patchnames: SUSE-OpenStack-Cloud-9-2021-3849
SUSE OpenStack Cloud Crowbar 8	xen >= 4.9.4_22-3.94.2 xen-doc-html >= 4.9.4_22-3.94.2 xen-libs >= 4.9.4_22-3.94.2 xen-libs-32bit >= 4.9.4_22-3.94.2 xen-tools >= 4.9.4_22-3.94.2 xen-tools-domU >= 4.9.4_22-3.94.2	Patchnames: SUSE-OpenStack-Cloud-Crowbar-8-2021-3213
SUSE OpenStack Cloud Crowbar 9	xen >= 4.11.4_24-2.65.1 xen-doc-html >= 4.11.4_24-2.65.1 xen-libs >= 4.11.4_24-2.65.1 xen-libs-32bit >= 4.11.4_24-2.65.1 xen-tools >= 4.11.4_24-2.65.1 xen-tools-domU >= 4.11.4_24-2.65.1	Patchnames: SUSE-OpenStack-Cloud-Crowbar-9-2021-3849
openSUSE Leap 15.2	xen >= 4.13.3_04-lp152.2.30.1 xen-devel >= 4.13.3_04-lp152.2.30.1 xen-doc-html >= 4.13.3_04-lp152.2.30.1 xen-libs >= 4.13.3_04-lp152.2.30.1 xen-libs-32bit >= 4.13.3_04-lp152.2.30.1 xen-tools >= 4.13.3_04-lp152.2.30.1 xen-tools-domU >= 4.13.3_04-lp152.2.30.1 xen-tools-xendomains-wait-disk >= 4.13.3_04-lp152.2.30.1	Patchnames: openSUSE-2021-1301
openSUSE Leap 15.3	xen >= 4.14.2_06-3.12.1 xen-devel >= 4.14.2_06-3.12.1 xen-doc-html >= 4.14.2_06-3.12.1 xen-libs >= 4.14.2_06-3.12.1 xen-libs-32bit >= 4.14.2_06-3.12.1 xen-tools >= 4.14.2_06-3.12.1 xen-tools-domU >= 4.14.2_06-3.12.1 xen-tools-xendomains-wait-disk >= 4.14.2_06-3.12.1	Patchnames: openSUSE-SLE-15.3-2021-3140

---

First public cloud image revisions this CVE is fixed in:

• alibaba/sles-15-sp2-chost-byos-v20211025
• alibaba/sles-15-sp3-chost-byos-v20210927
• amazon/suse-manager-4-1-proxy-byos-v20211207-hvm-ssd-x86_64
• amazon/suse-manager-4-1-server-byos-v20211206-hvm-ssd-x86_64
• amazon/suse-manager-4-2-proxy-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-manager-4-2-server-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-12-sp3-byos-v20220128-hvm-ssd-x86_64
• amazon/suse-sles-12-sp4-byos-v20220128-hvm-ssd-x86_64
• amazon/suse-sles-12-sp5-byos-v20211206-hvm-ssd-x86_64
• amazon/suse-sles-12-sp5-v20211208-ecs-hvm-ssd-x86_64
• amazon/suse-sles-12-sp5-v20211208-hvm-ssd-x86_64
• amazon/suse-sles-15-byos-v20220128-hvm-ssd-x86_64
• amazon/suse-sles-15-chost-byos-v20220201-hvm-ssd-x86_64
• amazon/suse-sles-15-sp1-byos-v20220128-hvm-ssd-x86_64
• amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64
• amazon/suse-sles-15-sp1-sapcal-v20220128-hvm-ssd-x86_64
• amazon/suse-sles-15-sp2-byos-v20220128-hvm-ssd-x86_64
• amazon/suse-sles-15-sp2-chost-byos-v20211025-hvm-ssd-x86_64
• amazon/suse-sles-15-sp3-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-15-sp3-chost-byos-v20210927-hvm-ssd-x86_64
• amazon/suse-sles-15-sp3-chost-byos-v20211004-hvm-ssd-x86_64
• amazon/suse-sles-15-sp3-v20210924-ecs-hvm-ssd-x86_64
• amazon/suse-sles-15-sp3-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-hpc-15-sp1-byos-v20220131-hvm-ssd-x86_64
• amazon/suse-sles-hpc-15-sp2-byos-v20220131-hvm-ssd-x86_64
• amazon/suse-sles-hpc-15-sp3-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-sap-12-sp3-byos-v20220128-hvm-ssd-x86_64
• amazon/suse-sles-sap-12-sp3-v20220304-hvm-ssd-x86_64
• amazon/suse-sles-sap-12-sp4-byos-v20220201-hvm-ssd-x86_64
• amazon/suse-sles-sap-12-sp4-v20220304-hvm-ssd-x86_64
• amazon/suse-sles-sap-12-sp5-byos-v20211207-hvm-ssd-x86_64
• amazon/suse-sles-sap-12-sp5-v20220305-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-byos-v20220131-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp1-byos-v20220131-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp1-v20220304-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp2-byos-v20220131-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp2-v20220304-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp3-byos-v20210924-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-v20220304-hvm-ssd-x86_64
• google/sles-12-sp3-sap-byos-v20220126
• google/sles-12-sp3-sap-v20220126
• google/sles-15-sp2-byos-v20220126
• google/sles-15-sp2-chost-byos-v20211025
• google/sles-15-sp2-sap-byos-v20220126
• google/sles-15-sp2-sap-v20220126
• google/sles-15-sp3-byos-v20211113
• google/sles-15-sp3-chost-byos-v20210927
• google/sles-15-sp3-chost-byos-v20211004
• google/sles-15-sp3-sap-byos-v20211113
• google/sles-15-sp3-sap-v20211113
• google/sles-15-sp3-sapcal-v20220119
• google/sles-15-sp3-v20211113
• google/suse-manager-4-1-proxy-byos-v20211207
• google/suse-manager-4-1-server-byos-v20211207
• google/suse-manager-4-2-proxy-byos-v20211117
• google/suse-manager-4-2-server-byos-v20211113
• microsoft/suse-manager-4-1-proxy-byos-v20211209
• microsoft/suse-manager-4-1-server-byos-v20211209
• microsoft/suse-manager-4-2-proxy-byos-v20210924
• microsoft/suse-manager-4-2-server-byos-v20210924
• microsoft/suse-sles-15-sp2-byos-v20220128
• microsoft/suse-sles-15-sp2-chost-byos-v20211025
• microsoft/suse-sles-15-sp2-hpc-byos-v20220128
• microsoft/suse-sles-15-sp3-basic-v20210924
• microsoft/suse-sles-15-sp3-byos-v20210924
• microsoft/suse-sles-15-sp3-chost-byos-v20210927
• microsoft/suse-sles-15-sp3-chost-byos-v20211004
• microsoft/suse-sles-15-sp3-hpc-byos-v20210924
• microsoft/suse-sles-15-sp3-hpc-v20210924
• microsoft/suse-sles-15-sp3-sapcal-v20220120
• microsoft/suse-sles-15-sp3-v20210924
• microsoft/suse-sles-sap-12-sp3-byos-v20220128
• microsoft/suse-sles-sap-12-sp3-v20220127
• microsoft/suse-sles-sap-15-sp2-byos-v20220128
• microsoft/suse-sles-sap-15-sp2-v20220127
• microsoft/suse-sles-sap-15-sp3-byos-v20210924
• microsoft/suse-sles-sap-15-sp3-v20210924

---

Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s)	Source package	State
HPE Helion OpenStack 8	xen	Released
SUSE CaaS Platform 4.0	xen	Released
SUSE CaaS Platform 4.5	xen	In progress
SUSE Enterprise Storage 6	xen	Released
SUSE Enterprise Storage 7	xen	Released
SUSE Linux Enterprise Desktop 15 SP2	xen	In progress
SUSE Linux Enterprise Desktop 15 SP3	xen	Released
SUSE Linux Enterprise Desktop 15 SP4	xen	Already fixed
SUSE Linux Enterprise High Performance Computing 12 SP5	xen	Released
SUSE Linux Enterprise High Performance Computing 15 LTSS	xen	Released
SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS	xen	Released
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS	xen	Released
SUSE Linux Enterprise High Performance Computing 15 SP2	xen	In progress
SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS	xen	Released
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS	xen	Released
SUSE Linux Enterprise High Performance Computing 15 SP3	xen	Released
SUSE Linux Enterprise High Performance Computing 15 SP4	xen	Already fixed
SUSE Linux Enterprise Micro 5.0	xen	Released
SUSE Linux Enterprise Micro 5.1	xen	Released
SUSE Linux Enterprise Module for Basesystem 15 SP2	xen	In progress
SUSE Linux Enterprise Module for Basesystem 15 SP3	xen	Released
SUSE Linux Enterprise Module for Basesystem 15 SP4	xen	Already fixed
SUSE Linux Enterprise Module for Server Applications 15 SP2	xen	In progress
SUSE Linux Enterprise Module for Server Applications 15 SP3	xen	Released
SUSE Linux Enterprise Module for Server Applications 15 SP4	xen	Already fixed
SUSE Linux Enterprise Point of Service 11 SP3	xen	Not affected
SUSE Linux Enterprise Real Time 15 SP2	xen	Released
SUSE Linux Enterprise Server 11 SP1	xen	Unsupported
SUSE Linux Enterprise Server 11 SP3	xen	Unsupported
SUSE Linux Enterprise Server 11 SP4 LTSS	xen	Released
SUSE Linux Enterprise Server 12 SP2 BCL	xen	Released
SUSE Linux Enterprise Server 12 SP3 BCL	xen	Released
SUSE Linux Enterprise Server 12 SP3 ESPOS	xen	Released
SUSE Linux Enterprise Server 12 SP3 LTSS	xen	Released
SUSE Linux Enterprise Server 12 SP4 ESPOS	xen	Released
SUSE Linux Enterprise Server 12 SP4 LTSS	xen	Released
SUSE Linux Enterprise Server 12 SP5	xen	Released
SUSE Linux Enterprise Server 15 ESPOS	xen	Released
SUSE Linux Enterprise Server 15 LTSS	xen	Released
SUSE Linux Enterprise Server 15 SP1 LTSS	xen	Released
SUSE Linux Enterprise Server 15 SP2	xen	In progress
SUSE Linux Enterprise Server 15 SP2 LTSS	xen	Released
SUSE Linux Enterprise Server 15 SP3	xen	Released
SUSE Linux Enterprise Server 15 SP4	xen	Already fixed
SUSE Linux Enterprise Server Business Critical Linux 15 SP1	xen	Released
SUSE Linux Enterprise Server Business Critical Linux 15 SP2	xen	Released
SUSE Linux Enterprise Server for SAP Applications 12 SP3	xen	Released
SUSE Linux Enterprise Server for SAP Applications 12 SP4	xen	Released
SUSE Linux Enterprise Server for SAP Applications 12 SP5	xen	Released
SUSE Linux Enterprise Server for SAP Applications 15	xen	Released
SUSE Linux Enterprise Server for SAP Applications 15 SP1	xen	Released
SUSE Linux Enterprise Server for SAP Applications 15 SP2	xen	In progress
SUSE Linux Enterprise Server for SAP Applications 15 SP3	xen	Released
SUSE Linux Enterprise Server for SAP Applications 15 SP4	xen	Already fixed
SUSE Linux Enterprise Software Development Kit 12 SP5	xen	Released
SUSE Linux Enterprise Storage 7	xen	In progress
SUSE Linux Enterprise Storage 7.1	xen	Released
SUSE Manager Proxy 4.0	xen	Unsupported
SUSE Manager Proxy 4.1	xen	In progress
SUSE Manager Proxy 4.2	xen	Released
SUSE Manager Proxy 4.3	xen	Already fixed
SUSE Manager Retail Branch Server 4.0	xen	Unsupported
SUSE Manager Retail Branch Server 4.1	xen	In progress
SUSE Manager Retail Branch Server 4.2	xen	Released
SUSE Manager Retail Branch Server 4.3	xen	Already fixed
SUSE Manager Server 4.0	xen	Unsupported
SUSE Manager Server 4.1	xen	In progress
SUSE Manager Server 4.2	xen	Released
SUSE Manager Server 4.3	xen	Already fixed
SUSE OpenStack Cloud 8	xen	Released
SUSE OpenStack Cloud 9	xen	Released
SUSE OpenStack Cloud Crowbar 8	xen	Released
SUSE OpenStack Cloud Crowbar 9	xen	Released