VYPR

rpm package

suse/xen&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (140)

  • CVE-2024-2201 | Med | Dec 19, 2024
    affected < 4.12.4_48-3.109.1 | fixed 4.12.4_48-3.109.1

    A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

  • CVE-2024-45817 | Sep 25, 2024
    affected < 4.12.4_54-3.118.1 | fixed 4.12.4_54-3.118.1

    In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, whic

  • CVE-2024-31146 | Sep 25, 2024
    affected < 4.12.4_52-3.115.1 | fixed 4.12.4_52-3.115.1

    When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration canno

  • CVE-2024-31145 | Sep 25, 2024
    affected < 4.12.4_52-3.115.1 | fixed 4.12.4_52-3.115.1

    Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purp

  • CVE-2024-31143 | Jul 18, 2024
    affected < 4.12.4_50-3.112.1 | fixed 4.12.4_50-3.112.1

    An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situat

  • CVE-2024-31142 | May 16, 2024
    affected < 4.12.4_48-3.109.1 | fixed 4.12.4_48-3.109.1

    Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.or

  • CVE-2023-46842 | May 16, 2024
    affected < 4.12.4_48-3.109.1 | fixed 4.12.4_48-3.109.1

    Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hy

  • CVE-2023-46839 | Mar 20, 2024
    affected < 4.12.4_44-3.103.1 | fixed 4.12.4_44-3.103.1

    PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions ne

  • CVE-2024-2193 | Med | Mar 15, 2024
    affected < 4.12.4_46-3.106.1 | fixed 4.12.4_46-3.106.1

    A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race condit

  • CVE-2023-28746 | Med | Mar 14, 2024
    affected < 4.12.4_46-3.106.1 | fixed 4.12.4_46-3.106.1

    Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2023-46836 | Jan 5, 2024
    affected < 4.12.4_42-3.100.1 | fixed 4.12.4_42-3.100.1

    The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupt

  • CVE-2023-46835 | Jan 5, 2024
    affected < 4.12.4_42-3.100.1 | fixed 4.12.4_42-3.100.1

    The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels ba

  • CVE-2023-34328 | Jan 5, 2024
    affected < 4.12.4_40-3.97.1 | fixed 4.12.4_40-3.97.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are erro

  • CVE-2023-34327 | Jan 5, 2024
    affected < 4.12.4_40-3.97.1 | fixed 4.12.4_40-3.97.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are erro

  • CVE-2023-34325 | Jan 5, 2024
    affected < 4.12.4_40-3.97.1 | fixed 4.12.4_40-3.97.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disk

  • CVE-2023-34326 | Jan 5, 2024
    affected < 4.12.4_40-3.97.1 | fixed 4.12.4_40-3.97.1

    The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can

  • CVE-2023-34323 | Jan 5, 2024
    affected < 4.12.4_40-3.97.1 | fixed 4.12.4_40-3.97.1

    When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xensto

  • CVE-2023-34322 | Jan 5, 2024
    affected < 4.12.4_38-3.94.1 | fixed 4.12.4_38-3.94.1

    For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests thi

  • CVE-2022-40982 | Aug 11, 2023
    affected < 4.12.4_36-3.91.2 | fixed 4.12.4_36-3.91.2

    Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2023-20588 | Aug 8, 2023
    affected < 4.12.4_38-3.94.1 | fixed 4.12.4_38-3.94.1

    A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
