rpm package

suse/xen&distro=SUSE Linux Enterprise Server 12 SP2-BCL

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Vulnerabilities (144)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-42332	—	< 4.7.6_32-43.104.1	4.7.6_32-43.104.1	Mar 21, 2023	x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tab
CVE-2022-42331	—	< 4.7.6_32-43.104.1	4.7.6_32-43.104.1	Mar 21, 2023	x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be att
CVE-2022-23824	—	< 4.7.6_30-43.101.1	4.7.6_30-43.101.1	Nov 9, 2022	IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVE-2022-42323	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
CVE-2022-42322	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
CVE-2022-42321	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of
CVE-2022-42320	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces
CVE-2022-42318	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42317	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42316	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42315	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42314	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42313	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42312	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42311	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42310	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra
CVE-2022-42309	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Nov 1, 2022	Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e
CVE-2022-33748	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Oct 11, 2022	lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can c
CVE-2022-33746	—	< 4.7.6_28-43.98.1	4.7.6_28-43.98.1	Oct 11, 2022	P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so
CVE-2022-33745	—	< 4.7.6_24-43.91.1	4.7.6_24-43.91.1	Jul 26, 2022	insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha

CVE-2022-42332Mar 21, 2023
affected < 4.7.6_32-43.104.1fixed 4.7.6_32-43.104.1
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tab
CVE-2022-42331Mar 21, 2023
affected < 4.7.6_32-43.104.1fixed 4.7.6_32-43.104.1
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be att
CVE-2022-23824Nov 9, 2022
affected < 4.7.6_30-43.101.1fixed 4.7.6_30-43.101.1
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVE-2022-42323Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
CVE-2022-42322Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
CVE-2022-42321Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of
CVE-2022-42320Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces
CVE-2022-42318Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42317Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42316Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42315Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42314Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42313Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42312Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42311Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
CVE-2022-42310Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra
CVE-2022-42309Nov 1, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e
CVE-2022-33748Oct 11, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can c
CVE-2022-33746Oct 11, 2022
affected < 4.7.6_28-43.98.1fixed 4.7.6_28-43.98.1
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so
CVE-2022-33745Jul 26, 2022
affected < 4.7.6_24-43.91.1fixed 4.7.6_24-43.91.1
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha

Page 1 of 8