rpm package
suse/xen&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (85)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-28687 | — | | | < 4.12.4_08-3.43.3 | 4.12.4_08-3.43.3 | Jun 11, 2021 | HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, |
| CVE-2021-28689 | — | | | < 4.12.4_30-150100.3.80.1 | 4.12.4_30-150100.3.80.1 | Jun 11, 2021 | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's nov |
| CVE-2021-0089 | — | | | < 4.12.4_12-3.52.1 | 4.12.4_12-3.52.1 | Jun 9, 2021 | Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
| CVE-2021-3308 | — | | | < 4.12.4_08-3.43.3 | 4.12.4_08-3.43.3 | Jan 26, 2021 | An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will |
| CVE-2020-28368 | — | | | < 4.12.4_08-3.43.3 | 4.12.4_08-3.43.3 | Nov 10, 2020 | Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the |
Page 5 of 5