Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-33745 (GCVE-0-2022-33745)
Vulnerability from cvelistv5 – Published: 2022-07-26 00:00 – Updated: 2024-08-03 08:09
VLAI
EPSS
Summary
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
Severity
No CVSS data available.
CWE
- unknown
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://xenbits.xenproject.org/xsa/advisory-408.txt | |
| http://xenbits.xen.org/xsa/advisory-408.html | |
| http://www.openwall.com/lists/oss-security/2022/07/26/2 | mailing-list |
| http://www.openwall.com/lists/oss-security/2022/07/26/3 | mailing-list |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5272 | vendor-advisory |
Credits
{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Charles Arnold of SUSE.'}]}}}
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-408.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-408.html"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/2"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/3"
},
{
"name": "FEDORA-2022-4f7cd241e2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5272",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xen",
"vendor": "Xen",
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-408"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "{\u0027credit_data\u0027: {\u0027description\u0027: {\u0027description_data\u0027: [{\u0027lang\u0027: \u0027eng\u0027, \u0027value\u0027: \u0027This issue was discovered by Charles Arnold of SUSE.\u0027}]}}}"
}
],
"descriptions": [
{
"lang": "en",
"value": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary."
}
],
"metrics": [
{
"other": {
"content": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The known (observed) impact would be a Denial of Service (DoS) affecting\nthe entire host, due to running out of memory. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unknown",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"shortName": "XEN"
},
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-408.txt"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-408.html"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/2"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/3"
},
{
"name": "FEDORA-2022-4f7cd241e2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5272",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5272"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
"assignerShortName": "XEN",
"cveId": "CVE-2022-33745",
"datePublished": "2022-07-26T00:00:00.000Z",
"dateReserved": "2022-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:09:22.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-33745",
"date": "2026-05-27",
"epss": "0.00078",
"percentile": "0.23039"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"EF4E17C2-244F-4E5A-A5F8-4626CD1AC11A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.\"}, {\"lang\": \"es\", \"value\": \"Un vaciado insuficiente del TLB para hu\\u00e9spedes x86 PV en modo de sombra Para la migraci\\u00f3n, as\\u00ed como para trabajar en torno a los kernels que no son conscientes de L1TF (v\\u00e9ase XSA-273), los hu\\u00e9spedes PV pueden ejecutarse en modo de paginaci\\u00f3n de sombra. Para abordar XSA-401, el c\\u00f3digo fue movido dentro de una funci\\u00f3n en Xen. Este movimiento de c\\u00f3digo pas\\u00f3 por alto una variable que cambiaba de significado/valor entre las posiciones de c\\u00f3digo antiguas y nuevas. El uso ahora err\\u00f3neo de la variable conllevaba a una condici\\u00f3n err\\u00f3nea de vaciado de la TLB, omitiendo el vaciado cuando era necesario.\"}]",
"id": "CVE-2022-33745",
"lastModified": "2024-11-21T07:08:27.353",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}]}",
"published": "2022-07-26T13:15:10.003",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/26/2\", \"source\": \"security@xen.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/26/3\", \"source\": \"security@xen.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-408.html\", \"source\": \"security@xen.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/\", \"source\": \"security@xen.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/\", \"source\": \"security@xen.org\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5272\", \"source\": \"security@xen.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xenproject.org/xsa/advisory-408.txt\", \"source\": \"security@xen.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/26/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/07/26/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-408.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5272\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xenproject.org/xsa/advisory-408.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@xen.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-33745\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2022-07-26T13:15:10.003\",\"lastModified\":\"2024-11-21T07:08:27.353\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.\"},{\"lang\":\"es\",\"value\":\"Un vaciado insuficiente del TLB para hu\u00e9spedes x86 PV en modo de sombra Para la migraci\u00f3n, as\u00ed como para trabajar en torno a los kernels que no son conscientes de L1TF (v\u00e9ase XSA-273), los hu\u00e9spedes PV pueden ejecutarse en modo de paginaci\u00f3n de sombra. Para abordar XSA-401, el c\u00f3digo fue movido dentro de una funci\u00f3n en Xen. Este movimiento de c\u00f3digo pas\u00f3 por alto una variable que cambiaba de significado/valor entre las posiciones de c\u00f3digo antiguas y nuevas. El uso ahora err\u00f3neo de la variable conllevaba a una condici\u00f3n err\u00f3nea de vaciado de la TLB, omitiendo el vaciado cuando era necesario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"EF4E17C2-244F-4E5A-A5F8-4626CD1AC11A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/26/2\",\"source\":\"security@xen.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/26/3\",\"source\":\"security@xen.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-408.html\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/\",\"source\":\"security@xen.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/\",\"source\":\"security@xen.org\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5272\",\"source\":\"security@xen.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-408.txt\",\"source\":\"security@xen.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/26/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/07/26/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-408.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-408.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-680
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Xen. Elle permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions ayant appliqu\u00e9 le correctif de s\u00e9curit\u00e9 du bulletin XSA-401",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-33745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33745"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-680",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Xen. Elle permet \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-408 du 26 juillet 2022",
"url": "https://xenbits.xen.org/xsa/advisory-408.html"
}
]
}
CERTFR-2022-AVI-734
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Citrix XenServer. Elle permet à un attaquant de provoquer un problème de sécurité un déni de service, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer versions 7.1 CU2 LTSR sans le correctif de s\u00e9curit\u00e9 CTX462418",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-33745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33745"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-734",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix XenServer. Elle permet \u00e0\nun attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 un d\u00e9ni de service,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Citrix XenServer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX463455 du 09 ao\u00fbt 2022",
"url": "https://support.citrix.com/article/CTX463455/citrix-hypervisor-security-bulletin-for-cve202233745"
}
]
}
CERTFR-2022-AVI-680
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Xen. Elle permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions ayant appliqu\u00e9 le correctif de s\u00e9curit\u00e9 du bulletin XSA-401",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-33745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33745"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-680",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Xen. Elle permet \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-408 du 26 juillet 2022",
"url": "https://xenbits.xen.org/xsa/advisory-408.html"
}
]
}
CERTFR-2022-AVI-734
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Citrix XenServer. Elle permet à un attaquant de provoquer un problème de sécurité un déni de service, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer versions 7.1 CU2 LTSR sans le correctif de s\u00e9curit\u00e9 CTX462418",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-33745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33745"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-734",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix XenServer. Elle permet \u00e0\nun attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 un d\u00e9ni de service,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Citrix XenServer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX463455 du 09 ao\u00fbt 2022",
"url": "https://support.citrix.com/article/CTX463455/citrix-hypervisor-security-bulletin-for-cve202233745"
}
]
}
BDU:2024-07017
Vulnerability from fstec - Published: 26.07.2022
VLAI
Title
Уязвимость компонента Shadow Mode кроссплатформенного гипервизора Xen ядра операционной системы Linux, связанная с недостаточной проверкой входных данных, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость компонента Shadow Mode кроссплатформенного гипервизора Xen ядра операционной системы Linux связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии
Severity
Vendor
Сообщество свободного программного обеспечения, ООО «Ред Софт», АО "НППКТ", The Linux Foundation
Software Name
Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Xen
Software Version
10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), до 2.6 (ОСОН ОСнова Оnyx), 14.4 (Xen), от 4.0.0 до 4.17.0 включительно (Xen), 3.2.0 (Xen)
Possible Mitigations
Для xen:
http://xenbits.xen.org/xsa/advisory-408.html
https://xenbits.xenproject.org/xsa/advisory-408.txt
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-33745
Для ОСОН ОСнова Оnyx: Обновление программного обеспечения xen до версии 4.16.2-1
Reference
http://xenbits.xen.org/xsa/advisory-408.html
https://redos.red-soft.ru/support/secure/
https://xenbits.xenproject.org/xsa/advisory-408.txt
https://security-tracker.debian.org/tracker/CVE-2022-33745
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", The Linux Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 14.4 (Xen), \u043e\u0442 4.0.0 \u0434\u043e 4.17.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Xen), 3.2.0 (Xen)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f xen:\nhttp://xenbits.xen.org/xsa/advisory-408.html\nhttps://xenbits.xenproject.org/xsa/advisory-408.txt\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-33745\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx: \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f xen \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.16.2-1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.07.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.09.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07017",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-33745",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Xen",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Shadow Mode \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Shadow Mode \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://xenbits.xen.org/xsa/advisory-408.html\nhttps://redos.red-soft.ru/support/secure/\nhttps://xenbits.xenproject.org/xsa/advisory-408.txt\nhttps://security-tracker.debian.org/tracker/CVE-2022-33745\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2022-33745
Vulnerability from fkie_nvd - Published: 2022-07-26 13:15 - Updated: 2024-11-21 07:08
Severity
Summary
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "EF4E17C2-244F-4E5A-A5F8-4626CD1AC11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary."
},
{
"lang": "es",
"value": "Un vaciado insuficiente del TLB para hu\u00e9spedes x86 PV en modo de sombra Para la migraci\u00f3n, as\u00ed como para trabajar en torno a los kernels que no son conscientes de L1TF (v\u00e9ase XSA-273), los hu\u00e9spedes PV pueden ejecutarse en modo de paginaci\u00f3n de sombra. Para abordar XSA-401, el c\u00f3digo fue movido dentro de una funci\u00f3n en Xen. Este movimiento de c\u00f3digo pas\u00f3 por alto una variable que cambiaba de significado/valor entre las posiciones de c\u00f3digo antiguas y nuevas. El uso ahora err\u00f3neo de la variable conllevaba a una condici\u00f3n err\u00f3nea de vaciado de la TLB, omitiendo el vaciado cuando era necesario."
}
],
"id": "CVE-2022-33745",
"lastModified": "2024-11-21T07:08:27.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-26T13:15:10.003",
"references": [
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/2"
},
{
"source": "security@xen.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/3"
},
{
"source": "security@xen.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-408.html"
},
{
"source": "security@xen.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/"
},
{
"source": "security@xen.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"source": "security@xen.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5272"
},
{
"source": "security@xen.org",
"tags": [
"Vendor Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-408.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-408.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-408.txt"
}
],
"sourceIdentifier": "security@xen.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F5VC-GMMJ-GPP6
Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2022-08-03 00:00
VLAI
Details
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2022-33745"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-26T13:15:00Z",
"severity": "HIGH"
},
"details": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"id": "GHSA-f5vc-gmmj-gpp6",
"modified": "2022-08-03T00:00:55Z",
"published": "2022-07-27T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33745"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5272"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-408.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/3"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-408.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-33745
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-33745",
"description": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"id": "GSD-2022-33745",
"references": [
"https://www.suse.com/security/cve/CVE-2022-33745.html",
"https://www.debian.org/security/2022/dsa-5272"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-33745"
],
"details": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"id": "GSD-2022-33745",
"modified": "2023-12-13T01:19:23.292323Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-33745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-408"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of Xen with the XSA-401 fixes applied are vulnerable.\n\nOnly x86 PV guests can trigger this vulnerability, and only when running\nin shadow mode. Shadow mode would be in use when migrating guests or as\na workaround for XSA-273 (L1TF)."
}
]
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Charles Arnold of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The known (observed) impact would be a Denial of Service (DoS) affecting\nthe entire host, due to running out of memory. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xenproject.org/xsa/advisory-408.txt",
"refsource": "MISC",
"url": "https://xenbits.xenproject.org/xsa/advisory-408.txt"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-408.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-408.html"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/2"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/3"
},
{
"name": "FEDORA-2022-4f7cd241e2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5272",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5272"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not running x86 PV guests will avoid the vulnerability."
}
]
}
}
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-33745"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xenproject.org/xsa/advisory-408.txt",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://xenbits.xenproject.org/xsa/advisory-408.txt"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-408.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-408.html"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v2 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/2"
},
{
"name": "[oss-security] 20220726 Xen Security Advisory 408 v3 (CVE-2022-33745) - insufficient TLB flush for x86 PV guests in shadow mode",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/26/3"
},
{
"name": "FEDORA-2022-4f7cd241e2",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5272",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5272"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
},
"lastModifiedDate": "2022-12-12T20:45Z",
"publishedDate": "2022-07-26T13:15Z"
}
}
}
OPENSUSE-SU-2024:12219-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
xen-4.16.1_02-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: xen-4.16.1_02-3.1 on GA media
Description of the patch: These are all security issues fixed in the xen-4.16.1_02-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12219
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "xen-4.16.1_02-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the xen-4.16.1_02-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12219",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12219-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26362 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26363 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33745/"
}
],
"title": "xen-4.16.1_02-3.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12219-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.1_02-3.1.aarch64",
"product": {
"name": "xen-4.16.1_02-3.1.aarch64",
"product_id": "xen-4.16.1_02-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.1_02-3.1.aarch64",
"product": {
"name": "xen-devel-4.16.1_02-3.1.aarch64",
"product_id": "xen-devel-4.16.1_02-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.1_02-3.1.aarch64",
"product": {
"name": "xen-doc-html-4.16.1_02-3.1.aarch64",
"product_id": "xen-doc-html-4.16.1_02-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.1_02-3.1.aarch64",
"product": {
"name": "xen-libs-4.16.1_02-3.1.aarch64",
"product_id": "xen-libs-4.16.1_02-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.16.1_06-1.1.aarch64",
"product": {
"name": "xen-libs-32bit-4.16.1_06-1.1.aarch64",
"product_id": "xen-libs-32bit-4.16.1_06-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.1_02-3.1.aarch64",
"product": {
"name": "xen-tools-4.16.1_02-3.1.aarch64",
"product_id": "xen-tools-4.16.1_02-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.1_02-3.1.aarch64",
"product": {
"name": "xen-tools-domU-4.16.1_02-3.1.aarch64",
"product_id": "xen-tools-domU-4.16.1_02-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"product_id": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.1_02-3.1.ppc64le",
"product": {
"name": "xen-4.16.1_02-3.1.ppc64le",
"product_id": "xen-4.16.1_02-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.1_02-3.1.ppc64le",
"product": {
"name": "xen-devel-4.16.1_02-3.1.ppc64le",
"product_id": "xen-devel-4.16.1_02-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.1_02-3.1.ppc64le",
"product": {
"name": "xen-doc-html-4.16.1_02-3.1.ppc64le",
"product_id": "xen-doc-html-4.16.1_02-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.1_02-3.1.ppc64le",
"product": {
"name": "xen-libs-4.16.1_02-3.1.ppc64le",
"product_id": "xen-libs-4.16.1_02-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"product": {
"name": "xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"product_id": "xen-libs-32bit-4.16.1_06-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.1_02-3.1.ppc64le",
"product": {
"name": "xen-tools-4.16.1_02-3.1.ppc64le",
"product_id": "xen-tools-4.16.1_02-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.1_02-3.1.ppc64le",
"product": {
"name": "xen-tools-domU-4.16.1_02-3.1.ppc64le",
"product_id": "xen-tools-domU-4.16.1_02-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"product_id": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.1_02-3.1.s390x",
"product": {
"name": "xen-4.16.1_02-3.1.s390x",
"product_id": "xen-4.16.1_02-3.1.s390x"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.1_02-3.1.s390x",
"product": {
"name": "xen-devel-4.16.1_02-3.1.s390x",
"product_id": "xen-devel-4.16.1_02-3.1.s390x"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.1_02-3.1.s390x",
"product": {
"name": "xen-doc-html-4.16.1_02-3.1.s390x",
"product_id": "xen-doc-html-4.16.1_02-3.1.s390x"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.1_02-3.1.s390x",
"product": {
"name": "xen-libs-4.16.1_02-3.1.s390x",
"product_id": "xen-libs-4.16.1_02-3.1.s390x"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.16.1_06-1.1.s390x",
"product": {
"name": "xen-libs-32bit-4.16.1_06-1.1.s390x",
"product_id": "xen-libs-32bit-4.16.1_06-1.1.s390x"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.1_02-3.1.s390x",
"product": {
"name": "xen-tools-4.16.1_02-3.1.s390x",
"product_id": "xen-tools-4.16.1_02-3.1.s390x"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.1_02-3.1.s390x",
"product": {
"name": "xen-tools-domU-4.16.1_02-3.1.s390x",
"product_id": "xen-tools-domU-4.16.1_02-3.1.s390x"
}
},
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"product_id": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.1_02-3.1.x86_64",
"product": {
"name": "xen-4.16.1_02-3.1.x86_64",
"product_id": "xen-4.16.1_02-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.1_02-3.1.x86_64",
"product": {
"name": "xen-devel-4.16.1_02-3.1.x86_64",
"product_id": "xen-devel-4.16.1_02-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.1_02-3.1.x86_64",
"product": {
"name": "xen-doc-html-4.16.1_02-3.1.x86_64",
"product_id": "xen-doc-html-4.16.1_02-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.1_02-3.1.x86_64",
"product": {
"name": "xen-libs-4.16.1_02-3.1.x86_64",
"product_id": "xen-libs-4.16.1_02-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.16.1_06-1.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.16.1_06-1.1.x86_64",
"product_id": "xen-libs-32bit-4.16.1_06-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.1_02-3.1.x86_64",
"product": {
"name": "xen-tools-4.16.1_02-3.1.x86_64",
"product_id": "xen-tools-4.16.1_02-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.1_02-3.1.x86_64",
"product": {
"name": "xen-tools-domU-4.16.1_02-3.1.x86_64",
"product_id": "xen-tools-domU-4.16.1_02-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64",
"product_id": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.16.1_02-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64"
},
"product_reference": "xen-4.16.1_02-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.16.1_02-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le"
},
"product_reference": "xen-4.16.1_02-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.16.1_02-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x"
},
"product_reference": "xen-4.16.1_02-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.16.1_02-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64"
},
"product_reference": "xen-4.16.1_02-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.16.1_02-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64"
},
"product_reference": "xen-devel-4.16.1_02-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.16.1_02-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le"
},
"product_reference": "xen-devel-4.16.1_02-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.16.1_02-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x"
},
"product_reference": "xen-devel-4.16.1_02-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.16.1_02-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64"
},
"product_reference": "xen-devel-4.16.1_02-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.16.1_02-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64"
},
"product_reference": "xen-doc-html-4.16.1_02-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.16.1_02-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le"
},
"product_reference": "xen-doc-html-4.16.1_02-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.16.1_02-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x"
},
"product_reference": "xen-doc-html-4.16.1_02-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.16.1_02-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64"
},
"product_reference": "xen-doc-html-4.16.1_02-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.1_02-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64"
},
"product_reference": "xen-libs-4.16.1_02-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.1_02-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le"
},
"product_reference": "xen-libs-4.16.1_02-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.1_02-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x"
},
"product_reference": "xen-libs-4.16.1_02-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.1_02-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64"
},
"product_reference": "xen-libs-4.16.1_02-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.16.1_06-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64"
},
"product_reference": "xen-libs-32bit-4.16.1_06-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.16.1_06-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le"
},
"product_reference": "xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.16.1_06-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x"
},
"product_reference": "xen-libs-32bit-4.16.1_06-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.16.1_06-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.16.1_06-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.16.1_02-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64"
},
"product_reference": "xen-tools-4.16.1_02-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.16.1_02-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le"
},
"product_reference": "xen-tools-4.16.1_02-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.16.1_02-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x"
},
"product_reference": "xen-tools-4.16.1_02-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.16.1_02-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64"
},
"product_reference": "xen-tools-4.16.1_02-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.16.1_02-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64"
},
"product_reference": "xen-tools-domU-4.16.1_02-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.16.1_02-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le"
},
"product_reference": "xen-tools-domU-4.16.1_02-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.16.1_02-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x"
},
"product_reference": "xen-tools-domU-4.16.1_02-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.16.1_02-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64"
},
"product_reference": "xen-tools-domU-4.16.1_02-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21123"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21123",
"url": "https://www.suse.com/security/cve/CVE-2022-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209075 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1209075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-23816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23816"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23816",
"url": "https://www.suse.com/security/cve/CVE-2022-23816"
},
{
"category": "external",
"summary": "SUSE Bug 1201456 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201456"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-26362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26362"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26362",
"url": "https://www.suse.com/security/cve/CVE-2022-26362"
},
{
"category": "external",
"summary": "SUSE Bug 1199965 for CVE-2022-26362",
"url": "https://bugzilla.suse.com/1199965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-26362"
},
{
"cve": "CVE-2022-26363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26363"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26363",
"url": "https://www.suse.com/security/cve/CVE-2022-26363"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26363",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-26363"
},
{
"cve": "CVE-2022-33745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33745"
}
],
"notes": [
{
"category": "general",
"text": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33745",
"url": "https://www.suse.com/security/cve/CVE-2022-33745"
},
{
"category": "external",
"summary": "SUSE Bug 1201394 for CVE-2022-33745",
"url": "https://bugzilla.suse.com/1201394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-devel-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-doc-html-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.aarch64",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.s390x",
"openSUSE Tumbleweed:xen-libs-32bit-4.16.1_06-1.1.x86_64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-libs-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-domU-4.16.1_02-3.1.x86_64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.aarch64",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.ppc64le",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.s390x",
"openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.16.1_02-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-33745"
}
]
}
SUSE-SU-2022:2557-1
Vulnerability from csaf_suse - Published: 2022-07-27 08:01 - Updated: 2022-07-27 08:01Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Patchnames: SUSE-2022-2557,SUSE-SLE-SDK-12-SP5-2022-2557,SUSE-SLE-SERVER-12-SP5-2022-2557
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.7 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).\n- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).\n- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2557,SUSE-SLE-SDK-12-SP5-2022-2557,SUSE-SLE-SERVER-12-SP5-2022-2557",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2557-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2557-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2557-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011677.html"
},
{
"category": "self",
"summary": "SUSE Bug 1200549",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "self",
"summary": "SUSE Bug 1201394",
"url": "https://bugzilla.suse.com/1201394"
},
{
"category": "self",
"summary": "SUSE Bug 1201469",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21166 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33745/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2022-07-27T08:01:31Z",
"generator": {
"date": "2022-07-27T08:01:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2557-1",
"initial_release_date": "2022-07-27T08:01:31Z",
"revision_history": [
{
"date": "2022-07-27T08:01:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_26-3.74.1.aarch64",
"product": {
"name": "xen-4.12.4_26-3.74.1.aarch64",
"product_id": "xen-4.12.4_26-3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_26-3.74.1.aarch64",
"product": {
"name": "xen-devel-4.12.4_26-3.74.1.aarch64",
"product_id": "xen-devel-4.12.4_26-3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_26-3.74.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.4_26-3.74.1.aarch64",
"product_id": "xen-doc-html-4.12.4_26-3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_26-3.74.1.aarch64",
"product": {
"name": "xen-libs-4.12.4_26-3.74.1.aarch64",
"product_id": "xen-libs-4.12.4_26-3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_26-3.74.1.aarch64",
"product": {
"name": "xen-tools-4.12.4_26-3.74.1.aarch64",
"product_id": "xen-tools-4.12.4_26-3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_26-3.74.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.4_26-3.74.1.aarch64",
"product_id": "xen-tools-domU-4.12.4_26-3.74.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.4_26-3.74.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.4_26-3.74.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.4_26-3.74.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_26-3.74.1.i586",
"product": {
"name": "xen-devel-4.12.4_26-3.74.1.i586",
"product_id": "xen-devel-4.12.4_26-3.74.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_26-3.74.1.i586",
"product": {
"name": "xen-libs-4.12.4_26-3.74.1.i586",
"product_id": "xen-libs-4.12.4_26-3.74.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_26-3.74.1.i586",
"product": {
"name": "xen-tools-domU-4.12.4_26-3.74.1.i586",
"product_id": "xen-tools-domU-4.12.4_26-3.74.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_26-3.74.1.x86_64",
"product": {
"name": "xen-4.12.4_26-3.74.1.x86_64",
"product_id": "xen-4.12.4_26-3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_26-3.74.1.x86_64",
"product": {
"name": "xen-devel-4.12.4_26-3.74.1.x86_64",
"product_id": "xen-devel-4.12.4_26-3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_26-3.74.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_26-3.74.1.x86_64",
"product_id": "xen-doc-html-4.12.4_26-3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_26-3.74.1.x86_64",
"product": {
"name": "xen-libs-4.12.4_26-3.74.1.x86_64",
"product_id": "xen-libs-4.12.4_26-3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"product_id": "xen-libs-32bit-4.12.4_26-3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_26-3.74.1.x86_64",
"product": {
"name": "xen-tools-4.12.4_26-3.74.1.x86_64",
"product_id": "xen-tools-4.12.4_26-3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"product_id": "xen-tools-domU-4.12.4_26-3.74.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-3.74.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64"
},
"product_reference": "xen-devel-4.12.4_26-3.74.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21123"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21123",
"url": "https://www.suse.com/security/cve/CVE-2022-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209075 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1209075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T08:01:31Z",
"details": "moderate"
}
],
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21125"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21125",
"url": "https://www.suse.com/security/cve/CVE-2022-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209074 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1209074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T08:01:31Z",
"details": "moderate"
}
],
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21166"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21166",
"url": "https://www.suse.com/security/cve/CVE-2022-21166"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209073 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1209073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T08:01:31Z",
"details": "moderate"
}
],
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-23816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23816"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23816",
"url": "https://www.suse.com/security/cve/CVE-2022-23816"
},
{
"category": "external",
"summary": "SUSE Bug 1201456 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201456"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T08:01:31Z",
"details": "moderate"
}
],
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-23825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23825"
}
],
"notes": [
{
"category": "general",
"text": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23825",
"url": "https://www.suse.com/security/cve/CVE-2022-23825"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1205209 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1205209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T08:01:31Z",
"details": "moderate"
}
],
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2022-29900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29900"
}
],
"notes": [
{
"category": "general",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29900",
"url": "https://www.suse.com/security/cve/CVE-2022-29900"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T08:01:31Z",
"details": "moderate"
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-33745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33745"
}
],
"notes": [
{
"category": "general",
"text": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33745",
"url": "https://www.suse.com/security/cve/CVE-2022-33745"
},
{
"category": "external",
"summary": "SUSE Bug 1201394 for CVE-2022-33745",
"url": "https://bugzilla.suse.com/1201394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-27T08:01:31Z",
"details": "important"
}
],
"title": "CVE-2022-33745"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…