rpm package

suse/xen&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Vulnerabilities (25)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-27465		—	< 4.14.6_26-150300.3.91.1	4.14.6_26-150300.3.91.1	Jul 16, 2025	Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additiona
CVE-2024-36357	Med	5.6	< 4.14.6_26-150300.3.91.1	4.14.6_26-150300.3.91.1	Jul 8, 2025	A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36350	Med	5.6	< 4.14.6_26-150300.3.91.1	4.14.6_26-150300.3.91.1	Jul 8, 2025	A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2024-2201	Med	4.7	< 4.14.6_16-150300.3.75.1	4.14.6_16-150300.3.75.1	Dec 19, 2024	A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
CVE-2024-45819		—	< 4.14.6_22-150300.3.84.1	4.14.6_22-150300.3.84.1	Dec 19, 2024	PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is
CVE-2024-45818		—	< 4.14.6_22-150300.3.84.1	4.14.6_22-150300.3.84.1	Dec 19, 2024	The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a
CVE-2024-31146		—	< 4.14.6_18-150300.3.78.1	4.14.6_18-150300.3.78.1	Sep 25, 2024	When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration canno
CVE-2024-31145		—	< 4.14.6_18-150300.3.78.1	4.14.6_18-150300.3.78.1	Sep 25, 2024	Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purp
CVE-2024-31143		—	< 4.14.6_16-150300.3.75.1	4.14.6_16-150300.3.75.1	Jul 18, 2024	An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situat
CVE-2023-46839		—	< 4.14.6_10-150300.3.63.1	4.14.6_10-150300.3.63.1	Mar 20, 2024	PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions ne
CVE-2023-46836		—	< 4.14.6_08-150300.3.60.1	4.14.6_08-150300.3.60.1	Jan 5, 2024	The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupt
CVE-2023-46835		—	< 4.14.6_08-150300.3.60.1	4.14.6_08-150300.3.60.1	Jan 5, 2024	The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels ba
CVE-2023-34328		—	< 4.14.6_06-150300.3.57.1	4.14.6_06-150300.3.57.1	Jan 5, 2024	[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are erro
CVE-2023-34327		—	< 4.14.6_06-150300.3.57.1	4.14.6_06-150300.3.57.1	Jan 5, 2024	[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are erro
CVE-2023-34325		—	< 4.14.6_06-150300.3.57.1	4.14.6_06-150300.3.57.1	Jan 5, 2024	[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disk
CVE-2023-34326		—	< 4.14.6_06-150300.3.57.1	4.14.6_06-150300.3.57.1	Jan 5, 2024	The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can
CVE-2023-34323		—	< 4.14.6_06-150300.3.57.1	4.14.6_06-150300.3.57.1	Jan 5, 2024	When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xensto
CVE-2023-34322		—	< 4.14.6_04-150300.3.54.1	4.14.6_04-150300.3.54.1	Jan 5, 2024	For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests thi
CVE-2023-20588		—	< 4.14.6_04-150300.3.54.1	4.14.6_04-150300.3.54.1	Aug 8, 2023	A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2023-20593		—	< 4.14.6_04-150300.3.54.1	4.14.6_04-150300.3.54.1	Jul 24, 2023	An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

CVE-2025-27465Jul 16, 2025
affected < 4.14.6_26-150300.3.91.1fixed 4.14.6_26-150300.3.91.1
Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additiona
CVE-2024-36357MedJul 8, 2025
affected < 4.14.6_26-150300.3.91.1fixed 4.14.6_26-150300.3.91.1
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36350MedJul 8, 2025
affected < 4.14.6_26-150300.3.91.1fixed 4.14.6_26-150300.3.91.1
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2024-2201MedDec 19, 2024
affected < 4.14.6_16-150300.3.75.1fixed 4.14.6_16-150300.3.75.1
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
CVE-2024-45819Dec 19, 2024
affected < 4.14.6_22-150300.3.84.1fixed 4.14.6_22-150300.3.84.1
PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is
CVE-2024-45818Dec 19, 2024
affected < 4.14.6_22-150300.3.84.1fixed 4.14.6_22-150300.3.84.1
The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a
CVE-2024-31146Sep 25, 2024
affected < 4.14.6_18-150300.3.78.1fixed 4.14.6_18-150300.3.78.1
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration canno
CVE-2024-31145Sep 25, 2024
affected < 4.14.6_18-150300.3.78.1fixed 4.14.6_18-150300.3.78.1
Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purp
CVE-2024-31143Jul 18, 2024
affected < 4.14.6_16-150300.3.75.1fixed 4.14.6_16-150300.3.75.1
An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situat
CVE-2023-46839Mar 20, 2024
affected < 4.14.6_10-150300.3.63.1fixed 4.14.6_10-150300.3.63.1
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions ne
CVE-2023-46836Jan 5, 2024
affected < 4.14.6_08-150300.3.60.1fixed 4.14.6_08-150300.3.60.1
The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupt
CVE-2023-46835Jan 5, 2024
affected < 4.14.6_08-150300.3.60.1fixed 4.14.6_08-150300.3.60.1
The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels ba
CVE-2023-34328Jan 5, 2024
affected < 4.14.6_06-150300.3.57.1fixed 4.14.6_06-150300.3.57.1
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are erro
CVE-2023-34327Jan 5, 2024
affected < 4.14.6_06-150300.3.57.1fixed 4.14.6_06-150300.3.57.1
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are erro
CVE-2023-34325Jan 5, 2024
affected < 4.14.6_06-150300.3.57.1fixed 4.14.6_06-150300.3.57.1
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disk
CVE-2023-34326Jan 5, 2024
affected < 4.14.6_06-150300.3.57.1fixed 4.14.6_06-150300.3.57.1
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can
CVE-2023-34323Jan 5, 2024
affected < 4.14.6_06-150300.3.57.1fixed 4.14.6_06-150300.3.57.1
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xensto
CVE-2023-34322Jan 5, 2024
affected < 4.14.6_04-150300.3.54.1fixed 4.14.6_04-150300.3.54.1
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests thi
CVE-2023-20588Aug 8, 2023
affected < 4.14.6_04-150300.3.54.1fixed 4.14.6_04-150300.3.54.1
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2023-20593Jul 24, 2023
affected < 4.14.6_04-150300.3.54.1fixed 4.14.6_04-150300.3.54.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

Page 1 of 2