VYPR

rpm package

opensuse/xen&distro=openSUSE Leap Micro 5.2

pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%20Micro%205.2

Vulnerabilities (35)

  • CVE-2022-23824Nov 9, 2022
    affected < 4.14.5_10-150300.3.45.1fixed 4.14.5_10-150300.3.45.1

    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

  • CVE-2022-42326Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the

  • CVE-2022-42325Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the

  • CVE-2022-42323Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie

  • CVE-2022-42322Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie

  • CVE-2022-42321Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of

  • CVE-2022-42320Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces

  • CVE-2022-42319Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be

  • CVE-2022-42318Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42317Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42316Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42315Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42314Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42313Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42312Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42311Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42310Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra

  • CVE-2022-42309Nov 1, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e

  • CVE-2022-33748Oct 11, 2022
    affected < 4.14.5_06-150300.3.35.1fixed 4.14.5_06-150300.3.35.1

    lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can c

  • CVE-2022-33747Oct 11, 2022
    affected < 4.14.5_08-150300.3.40.1fixed 4.14.5_08-150300.3.40.1

    Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory alloc

Page 1 of 2