rpm package
suse/xen&distro=SUSE OpenStack Cloud Crowbar 9
pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Vulnerabilities (97)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-42310 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra | ||
| CVE-2022-42309 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e | ||
| CVE-2022-33748 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Oct 11, 2022 | lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can c | ||
| CVE-2022-33746 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Oct 11, 2022 | P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so | ||
| CVE-2022-33745 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jul 26, 2022 | insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha | ||
| CVE-2022-23825 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jul 14, 2022 | Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | ||
| CVE-2022-29900 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jul 12, 2022 | Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | ||
| CVE-2022-21166 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jun 15, 2022 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21125 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jun 15, 2022 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21123 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jun 15, 2022 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-26362 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jun 9, 2022 | x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates | ||
| CVE-2022-26364 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jun 9, 2022 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This sch | ||
| CVE-2022-26363 | — | < 4.11.4_30-2.76.1 | 4.11.4_30-2.76.1 | Jun 9, 2022 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This sch | ||
| CVE-2022-26361 | — | < 4.11.4_28-2.73.1 | 4.11.4_28-2.73.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | ||
| CVE-2022-26360 | — | < 4.11.4_28-2.73.1 | 4.11.4_28-2.73.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | ||
| CVE-2022-26359 | — | < 4.11.4_28-2.73.1 | 4.11.4_28-2.73.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | ||
| CVE-2022-26358 | — | < 4.11.4_28-2.73.1 | 4.11.4_28-2.73.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | ||
| CVE-2022-26357 | — | < 4.11.4_28-2.73.1 | 4.11.4_28-2.73.1 | Apr 5, 2022 | race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The clea | ||
| CVE-2022-26356 | — | < 4.11.4_28-2.73.1 | 4.11.4_28-2.73.1 | Apr 5, 2022 | Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_ | ||
| CVE-2021-20257 | — | < 4.11.4_16-2.51.1 | 4.11.4_16-2.51.1 | Mar 16, 2022 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re |
- CVE-2022-42310Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra
- CVE-2022-42309Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e
- CVE-2022-33748Oct 11, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can c
- CVE-2022-33746Oct 11, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so
- CVE-2022-33745Jul 26, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha
- CVE-2022-23825Jul 14, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
- CVE-2022-29900Jul 12, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
- CVE-2022-21166Jun 15, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21125Jun 15, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21123Jun 15, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-26362Jun 9, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates
- CVE-2022-26364Jun 9, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This sch
- CVE-2022-26363Jun 9, 2022affected < 4.11.4_30-2.76.1fixed 4.11.4_30-2.76.1
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This sch
- CVE-2022-26361Apr 5, 2022affected < 4.11.4_28-2.73.1fixed 4.11.4_28-2.73.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- CVE-2022-26360Apr 5, 2022affected < 4.11.4_28-2.73.1fixed 4.11.4_28-2.73.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- CVE-2022-26359Apr 5, 2022affected < 4.11.4_28-2.73.1fixed 4.11.4_28-2.73.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- CVE-2022-26358Apr 5, 2022affected < 4.11.4_28-2.73.1fixed 4.11.4_28-2.73.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- CVE-2022-26357Apr 5, 2022affected < 4.11.4_28-2.73.1fixed 4.11.4_28-2.73.1
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The clea
- CVE-2022-26356Apr 5, 2022affected < 4.11.4_28-2.73.1fixed 4.11.4_28-2.73.1
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_
- CVE-2021-20257Mar 16, 2022affected < 4.11.4_16-2.51.1fixed 4.11.4_16-2.51.1
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
Page 2 of 5