rpm package
suse/xen&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23553 | — | | | < 4.12.4_64-3.137.1 | 4.12.4_64-3.137.1 | Jan 28, 2026 | In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on |
| CVE-2025-58150 | — | | | < 4.12.4_64-3.137.1 | 4.12.4_64-3.137.1 | Jan 28, 2026 | Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing. |
| CVE-2025-58149 | — | | | < 4.12.4_64-3.137.1 | 4.12.4_64-3.137.1 | Oct 31, 2025 | When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access to any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the p |
| CVE-2025-1713 | — | | | < 4.12.4_60-3.127.1 | 4.12.4_60-3.127.1 | Jul 17, 2025 | When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock. |
| CVE-2025-27465 | — | | | < 4.12.4_62-3.130.1 | 4.12.4_62-3.130.1 | Jul 16, 2025 | Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additiona |
| CVE-2024-28956 | Med | 5.6 | | < 4.12.4_60-3.127.1 | 4.12.4_60-3.127.1 | May 13, 2025 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-45819 | — | | | < 4.12.4_58-3.124.1 | 4.12.4_58-3.124.1 | Dec 19, 2024 | PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is |
| CVE-2024-45818 | — | | | < 4.12.4_58-3.124.1 | 4.12.4_58-3.124.1 | Dec 19, 2024 | The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a |