rpm package
suse/xen&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (97)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-42334 | — | < 4.11.4_38-2.89.1 | 4.11.4_38-2.89.1 | Mar 21, 2023 | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly | ||
| CVE-2022-42333 | — | < 4.11.4_38-2.89.1 | 4.11.4_38-2.89.1 | Mar 21, 2023 | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly | ||
| CVE-2022-42332 | — | < 4.11.4_38-2.89.1 | 4.11.4_38-2.89.1 | Mar 21, 2023 | x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tab | ||
| CVE-2022-42331 | — | < 4.11.4_38-2.89.1 | 4.11.4_38-2.89.1 | Mar 21, 2023 | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be att | ||
| CVE-2022-23824 | — | < 4.11.4_36-2.86.1 | 4.11.4_36-2.86.1 | Nov 9, 2022 | IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | ||
| CVE-2022-42326 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the | ||
| CVE-2022-42325 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the | ||
| CVE-2022-42323 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie | ||
| CVE-2022-42322 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie | ||
| CVE-2022-42321 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of | ||
| CVE-2022-42320 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces | ||
| CVE-2022-42319 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be | ||
| CVE-2022-42318 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42317 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42316 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42315 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42314 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42313 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42312 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a | ||
| CVE-2022-42311 | — | < 4.11.4_34-2.83.1 | 4.11.4_34-2.83.1 | Nov 1, 2022 | Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a |
- CVE-2022-42334Mar 21, 2023affected < 4.11.4_38-2.89.1fixed 4.11.4_38-2.89.1
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly
- CVE-2022-42333Mar 21, 2023affected < 4.11.4_38-2.89.1fixed 4.11.4_38-2.89.1
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly
- CVE-2022-42332Mar 21, 2023affected < 4.11.4_38-2.89.1fixed 4.11.4_38-2.89.1
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tab
- CVE-2022-42331Mar 21, 2023affected < 4.11.4_38-2.89.1fixed 4.11.4_38-2.89.1
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be att
- CVE-2022-23824Nov 9, 2022affected < 4.11.4_36-2.86.1fixed 4.11.4_36-2.86.1
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
- CVE-2022-42326Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the
- CVE-2022-42325Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the
- CVE-2022-42323Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
- CVE-2022-42322Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modifie
- CVE-2022-42321Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of
- CVE-2022-42320Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those acces
- CVE-2022-42319Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be
- CVE-2022-42318Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42317Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42316Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42315Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42314Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42313Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42312Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
- CVE-2022-42311Nov 1, 2022affected < 4.11.4_34-2.83.1fixed 4.11.4_34-2.83.1
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a
Page 1 of 5