VYPR

rpm package

suse/xen&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Vulnerabilities (48)

  • CVE-2022-42325Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the

  • CVE-2022-42323Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie

  • CVE-2022-42322Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie

  • CVE-2022-42321Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of

  • CVE-2022-42320Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces

  • CVE-2022-42319Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be

  • CVE-2022-42318Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42317Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42316Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42315Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42314Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42313Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42312Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42311Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a

  • CVE-2022-42310Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra

  • CVE-2022-42309Nov 1, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e

  • CVE-2022-33748Oct 11, 2022
    affected < 4.16.2_06-150400.4.11.1fixed 4.16.2_06-150400.4.11.1

    lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can c

  • CVE-2022-33747Oct 11, 2022
    affected < 4.16.2_08-150400.4.16.1fixed 4.16.2_08-150400.4.16.1

    Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory alloc

  • CVE-2022-33746Oct 11, 2022
    affected < 4.16.2_06-150400.4.11.1fixed 4.16.2_06-150400.4.11.1

    P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so

  • CVE-2022-33745Jul 26, 2022
    affected < 4.16.1_06-150400.4.8.1fixed 4.16.1_06-150400.4.8.1

    insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha

Page 2 of 3