rpm package
suse/xen&distro=SUSE Linux Enterprise Server 12 SP3-BCL
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
Vulnerabilities (122)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-42326 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the | ||
| CVE-2022-42325 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the | ||
| CVE-2022-42323 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie | ||
| CVE-2022-42322 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie | ||
| CVE-2022-42321 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of | ||
| CVE-2022-42320 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces | ||
| CVE-2022-42319 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be | ||
| CVE-2022-42318 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42317 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42316 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42315 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42314 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42313 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42312 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42311 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42310 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra | ||
| CVE-2022-42309 | — | < 4.9.4_34-3.114.1 | 4.9.4_34-3.114.1 | Nov 1, 2022 | Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e | ||
| CVE-2022-33745 | — | < 4.9.4_30-3.106.1 | 4.9.4_30-3.106.1 | Jul 26, 2022 | insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha | ||
| CVE-2022-23825 | — | < 4.9.4_30-3.106.1 | 4.9.4_30-3.106.1 | Jul 14, 2022 | Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | ||
| CVE-2022-29900 | — | < 4.9.4_30-3.106.1 | 4.9.4_30-3.106.1 | Jul 12, 2022 | Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. |
- CVE-2022-42326Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the
- CVE-2022-42325Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the
- CVE-2022-42323Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
- CVE-2022-42322Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
- CVE-2022-42321Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of
- CVE-2022-42320Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces
- CVE-2022-42319Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be
- CVE-2022-42318Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42317Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42316Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42315Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42314Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42313Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42312Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42311Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42310Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the tra
- CVE-2022-42309Nov 1, 2022affected < 4.9.4_34-3.114.1fixed 4.9.4_34-3.114.1
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the e
- CVE-2022-33745Jul 26, 2022affected < 4.9.4_30-3.106.1fixed 4.9.4_30-3.106.1
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable cha
- CVE-2022-23825Jul 14, 2022affected < 4.9.4_30-3.106.1fixed 4.9.4_30-3.106.1
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
- CVE-2022-29900Jul 12, 2022affected < 4.9.4_30-3.106.1fixed 4.9.4_30-3.106.1
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Page 1 of 7