rpm package
suse/xen&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (49)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-40982 | — | < 4.13.5_02-150200.3.74.1 | 4.13.5_02-150200.3.74.1 | Aug 11, 2023 | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2023-20569 | — | < 4.13.5_02-150200.3.74.1 | 4.13.5_02-150200.3.74.1 | Aug 8, 2023 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||
| CVE-2023-20593 | — | < 4.13.5_02-150200.3.74.1 | 4.13.5_02-150200.3.74.1 | Jul 24, 2023 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | ||
| CVE-2022-42334 | — | < 4.13.4_20-150200.3.71.1 | 4.13.4_20-150200.3.71.1 | Mar 21, 2023 | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly | ||
| CVE-2022-42333 | — | < 4.13.4_20-150200.3.71.1 | 4.13.4_20-150200.3.71.1 | Mar 21, 2023 | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly | ||
| CVE-2022-42332 | — | < 4.13.4_20-150200.3.71.1 | 4.13.4_20-150200.3.71.1 | Mar 21, 2023 | x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tab | ||
| CVE-2022-42331 | — | < 4.13.4_20-150200.3.71.1 | 4.13.4_20-150200.3.71.1 | Mar 21, 2023 | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be att | ||
| CVE-2022-23824 | — | < 4.13.4_18-150200.3.68.1 | 4.13.4_18-150200.3.68.1 | Nov 9, 2022 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | ||
| CVE-2022-42326 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the | ||
| CVE-2022-42325 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the | ||
| CVE-2022-42323 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie | ||
| CVE-2022-42322 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie | ||
| CVE-2022-42321 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of | ||
| CVE-2022-42320 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces | ||
| CVE-2022-42319 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be | ||
| CVE-2022-42318 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42317 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42316 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42315 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42314 | — | < 4.13.4_16-150200.3.65.1 | 4.13.4_16-150200.3.65.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a |
- CVE-2022-40982Aug 11, 2023affected < 4.13.5_02-150200.3.74.1fixed 4.13.5_02-150200.3.74.1
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-20569Aug 8, 2023affected < 4.13.5_02-150200.3.74.1fixed 4.13.5_02-150200.3.74.1
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
- CVE-2023-20593Jul 24, 2023affected < 4.13.5_02-150200.3.74.1fixed 4.13.5_02-150200.3.74.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
- CVE-2022-42334Mar 21, 2023affected < 4.13.4_20-150200.3.71.1fixed 4.13.4_20-150200.3.71.1
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly
- CVE-2022-42333Mar 21, 2023affected < 4.13.4_20-150200.3.71.1fixed 4.13.4_20-150200.3.71.1
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly
- CVE-2022-42332Mar 21, 2023affected < 4.13.4_20-150200.3.71.1fixed 4.13.4_20-150200.3.71.1
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tab
- CVE-2022-42331Mar 21, 2023affected < 4.13.4_20-150200.3.71.1fixed 4.13.4_20-150200.3.71.1
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be att
- CVE-2022-23824Nov 9, 2022affected < 4.13.4_18-150200.3.68.1fixed 4.13.4_18-150200.3.68.1
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
- CVE-2022-42326Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the
- CVE-2022-42325Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the
- CVE-2022-42323Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
- CVE-2022-42322Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
- CVE-2022-42321Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of
- CVE-2022-42320Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces
- CVE-2022-42319Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be
- CVE-2022-42318Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42317Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42316Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42315Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42314Nov 1, 2022affected < 4.13.4_16-150200.3.65.1fixed 4.13.4_16-150200.3.65.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
Page 1 of 3