rpm package
suse/xen&distro=HPE Helion OpenStack 8
pkg:rpm/suse/xen&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (96)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-26361 | Hig | 7.8 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | |
| CVE-2022-26360 | Hig | 7.8 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | |
| CVE-2022-26359 | Hig | 7.8 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | |
| CVE-2022-26358 | Hig | 7.8 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Apr 5, 2022 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese | |
| CVE-2022-26357 | Hig | 7.0 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Apr 5, 2022 | race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The clea | |
| CVE-2022-26356 | Med | 5.6 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Apr 5, 2022 | Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_ | |
| CVE-2021-20257 | Med | 6.5 | < 4.9.4_16-3.83.1 | 4.9.4_16-3.83.1 | Mar 16, 2022 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re | |
| CVE-2022-0002 | Med | 6.5 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Mar 11, 2022 | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |
| CVE-2022-0001 | Med | 6.5 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Mar 11, 2022 | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |
| CVE-2021-26401 | Med | 5.6 | < 4.9.4_28-3.103.1 | 4.9.4_28-3.103.1 | Mar 11, 2022 | LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | |
| CVE-2022-23035 | Med | 4.6 | < 4.9.4_26-3.100.1 | 4.9.4_26-3.100.1 | Jan 25, 2022 | Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent | |
| CVE-2022-23034 | Med | 5.5 | < 4.9.4_26-3.100.1 | 4.9.4_26-3.100.1 | Jan 25, 2022 | A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unma | |
| CVE-2021-28709 | Hig | 7.8 | < 4.9.4_24-3.97.1 | 4.9.4_24-3.97.1 | Nov 24, 2021 | issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t | |
| CVE-2021-28705 | Hig | 7.8 | < 4.9.4_24-3.97.1 | 4.9.4_24-3.97.1 | Nov 24, 2021 | issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t | |
| CVE-2021-28708 | Hig | 8.8 | < 4.9.4_24-3.97.1 | 4.9.4_24-3.97.1 | Nov 24, 2021 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav | |
| CVE-2021-28707 | Hig | 8.8 | < 4.9.4_24-3.97.1 | 4.9.4_24-3.97.1 | Nov 24, 2021 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav | |
| CVE-2021-28706 | Hig | 8.6 | < 4.9.4_24-3.97.1 | 4.9.4_24-3.97.1 | Nov 24, 2021 | guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precisio | |
| CVE-2021-28704 | Hig | 8.8 | < 4.9.4_24-3.97.1 | 4.9.4_24-3.97.1 | Nov 24, 2021 | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav | |
| CVE-2021-28701 | Hig | 7.8 | < 4.9.4_22-3.94.2 | 4.9.4_22-3.94.2 | Sep 8, 2021 | Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest sw | |
| CVE-2021-28699 | Med | 5.5 | < 4.9.4_20-3.91.1 | 4.9.4_20-3.91.1 | Aug 27, 2021 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra |
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Rese
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The clea
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_
- affected < 4.9.4_16-3.83.1fixed 4.9.4_16-3.83.1
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- affected < 4.9.4_28-3.103.1fixed 4.9.4_28-3.103.1
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
- affected < 4.9.4_26-3.100.1fixed 4.9.4_26-3.100.1
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent
- affected < 4.9.4_26-3.100.1fixed 4.9.4_26-3.100.1
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unma
- affected < 4.9.4_24-3.97.1fixed 4.9.4_24-3.97.1
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t
- affected < 4.9.4_24-3.97.1fixed 4.9.4_24-3.97.1
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t
- affected < 4.9.4_24-3.97.1fixed 4.9.4_24-3.97.1
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav
- affected < 4.9.4_24-3.97.1fixed 4.9.4_24-3.97.1
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav
- affected < 4.9.4_24-3.97.1fixed 4.9.4_24-3.97.1
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precisio
- affected < 4.9.4_24-3.97.1fixed 4.9.4_24-3.97.1
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav
- affected < 4.9.4_22-3.94.2fixed 4.9.4_22-3.94.2
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest sw
- affected < 4.9.4_20-3.91.1fixed 4.9.4_20-3.91.1
inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tra
Page 1 of 5