SuSE 11.3 Security Update : Xen (SAT Patch Number 8588)

High Nessus Plugin ID 71562


The remote SuSE 11 host is missing one or more security updates.


The Xen hypervisor and tool-suite have been updated to fix security issues and bugs :

- XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. (CVE-2013-4494)

- XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks. (CVE-2013-4553)

- XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests which might lead to Hypervisor escalation under specific circumstances. (CVE-2013-4554)

- XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked.

- XSA-75: A host crash due to guest VMX instruction execution was fixed. Non-security bugs have also been fixed:. (CVE-2013-4551)

- It is possible to start a VM twice on the same node.

- In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 will could lock-up on multiple blades nPar. (bnc#842417)

- Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing. (bnc#848014)

- Soft lock-up with PCI pass-through and many VCPUs.

- Boot Failure with Xen kernel in UEFI mode with error 'No memory for trampoline'. (bnc#833483)

- Increase the maximum supported CPUs in the Hypervisor to 512.


Apply SAT patch number 8588.

See Also

Plugin Details

Severity: High

ID: 71562

File Name: suse_11_xen-201311-131127.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2013/12/20

Modified: 2013/12/20

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:xen, p-cpe:/a:novell:suse_linux:11:xen-doc-html, p-cpe:/a:novell:suse_linux:11:xen-doc-pdf, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, p-cpe:/a:novell:suse_linux:11:xen-libs, p-cpe:/a:novell:suse_linux:11:xen-libs-32bit, p-cpe:/a:novell:suse_linux:11:xen-tools, p-cpe:/a:novell:suse_linux:11:xen-tools-domU, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2013/11/27

Reference Information

CVE: CVE-2013-1922, CVE-2013-2007, CVE-2013-4375, CVE-2013-4416, CVE-2013-4494, CVE-2013-4551, CVE-2013-4553, CVE-2013-4554, CVE-2013-6375