VYPR

rpm package

suse/xen&distro=SUSE Linux Enterprise Module for Server Applications 15 SP7

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7

Vulnerabilities (14)

  • CVE-2026-23555HigMar 23, 2026
    affected < 4.20.2_08-150700.3.28.1fixed 4.20.2_08-150700.3.28.1

    Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. I

  • CVE-2026-23554HigMar 23, 2026
    affected < 4.20.2_08-150700.3.28.1fixed 4.20.2_08-150700.3.28.1

    The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flus

  • CVE-2026-23553Jan 28, 2026
    affected < 4.20.2_04-150700.3.22.1fixed 4.20.2_04-150700.3.22.1

    In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on

  • CVE-2025-58150Jan 28, 2026
    affected < 4.20.2_04-150700.3.22.1fixed 4.20.2_04-150700.3.22.1

    Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

  • CVE-2025-58149Oct 31, 2025
    affected < 4.20.2_02-150700.3.19.1fixed 4.20.2_02-150700.3.19.1

    When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the p

  • CVE-2025-58148Oct 31, 2025
    affected < 4.20.1_06-150700.3.14.1fixed 4.20.1_06-150700.3.14.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats,

  • CVE-2025-58147Oct 31, 2025
    affected < 4.20.1_06-150700.3.14.1fixed 4.20.1_06-150700.3.14.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats,

  • CVE-2025-58143Sep 11, 2025
    affected < 4.20.1_04-150700.3.11.1fixed 4.20.1_04-150700.3.11.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the upd

  • CVE-2025-58142Sep 11, 2025
    affected < 4.20.1_04-150700.3.11.1fixed 4.20.1_04-150700.3.11.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the upd

  • CVE-2025-27466Sep 11, 2025
    affected < 4.20.1_04-150700.3.11.1fixed 4.20.1_04-150700.3.11.1

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the upd

  • CVE-2025-27465Jul 16, 2025
    affected < 4.20.1_02-150700.3.8.1fixed 4.20.1_02-150700.3.8.1

    Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additiona

  • CVE-2024-36357MedJul 8, 2025
    affected < 4.20.1_02-150700.3.8.1fixed 4.20.1_02-150700.3.8.1

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

  • CVE-2024-36350MedJul 8, 2025
    affected < 4.20.1_02-150700.3.8.1fixed 4.20.1_02-150700.3.8.1

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.

  • CVE-2024-28956MedMay 13, 2025
    affected < 4.20.0_12-150700.3.3.1fixed 4.20.0_12-150700.3.3.1

    Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.