Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-20593 (GCVE-0-2023-20593)
Vulnerability from cvelistv5 – Published: 2023-07-24 19:38 – Updated: 2025-02-13 16:39
VLAI
EPSS
Summary
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
35 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 |
Affected:
various
|
|
| AMD | AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4 |
Affected:
various
|
|
| AMD | 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Lucienne” |
Affected:
various
|
|
| AMD | Ryzen™ 4000 Series Mobile processors with Radeon™ Graphics “Renoir” |
Affected:
various
|
|
| AMD | Ryzen™ 7020 Series processors “Mendocino” FT6 |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
Date Public
2023-07-24 19:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:45.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-433.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://cmpxchg8b.com/zenbleed.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5459"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5462"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5461"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20593",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T16:07:50.725588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T16:08:15.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Mobile processors with Radeon\u2122 Graphics \u201cRenoir\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7020 Series processors \u201cMendocino\u201d FT6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"packageName": "\u00b5code / AGESA\u2122 firmware",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-07-24T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\u003c/span\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:12:11.483Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-433.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
},
{
"url": "https://cmpxchg8b.com/zenbleed.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5459"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5462"
},
{
"url": "https://www.debian.org/security/2023/dsa-5461"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
}
],
"source": {
"advisory": "AMD-SB-7008",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20593",
"datePublished": "2023-07-24T19:38:43.385Z",
"dateReserved": "2022-10-27T18:53:39.762Z",
"dateUpdated": "2025-02-13T16:39:49.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-20593",
"date": "2026-06-27",
"epss": "0.05794",
"percentile": "0.92183"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.14.0:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"68DF2F8C-12AA-477E-A803-CBFBB151138C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.15.0:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"C3BFD203-8E25-46AF-AF43-DAFB86BDFE0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.16.0:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"141FB3BC-DDC0-4E57-B1B3-0FF42B0F99B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.17.0:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"EBC05EF9-E4DE-45AA-873E-F91A3530FA4E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32B01772-B9AB-4724-BC36-C707E01C9EDB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_3100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE4F55EF-4F2B-499C-8173-12BE32085744\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22B7FA81-11D0-4DC2-B81D-1BD48D341E6A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_3300x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45C1A897-5FA2-403D-86C2-9D67C5B043A9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F0E87F5-65BA-477D-9679-907FD2906298\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_3500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51A56423-3DDE-451B-AC47-51715AC74F41\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"927B2661-8988-484F-965C-D94AA9D52911\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_3500x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0CD66B3-96B6-43A0-AA57-A548FF34B5F9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15D68B5B-0878-47BA-9DCC-BF2D793F92E7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_3600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9B07D45-5EA5-405E-A649-DADE2451E3EC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D72FC510-6F4C-4D04-BEA9-9DDE22617CEF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_3600x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09342618-057F-4F49-A43F-352212738F80\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD9B37D9-8A56-4058-9AFF-3BE64D95CC23\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_3600xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B156A9F3-E22D-428D-9E84-9D6CD6F3FE3E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D824D3D-E27D-4B6D-A7CC-0D42288AA5C6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_3700x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"937E2FA2-BED8-48FF-8D01-153D4039F224\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6788A3F-6731-4529-AAFF-3CB893C0D07B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_3800x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DC56C52-6200-47CD-A722-28A1437050B3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A45A30A-6857-419E-8816-7EC9F8C8FEF8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_3800xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D814C2A-D794-46A8-9A06-CC4DB387176F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CFA3FA5-601A-42DF-8FBD-846ED91ECE3C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_9_3900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5CB2C92-A84F-450D-BC0F-3675423DBF0E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53240910-3F88-465C-A0CD-A98395A05756\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_9_3900x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ED8BD87-468E-4953-96B1-CF923985B963\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4350ADE3-9A31-4A23-9B15-7A44E8F29E90\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_9_3900xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E52108F-FAAE-4075-8F87-239008E77009\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F23104CA-40BB-497E-809E-B89BDBB8B844\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_9_3950x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A468A5E6-BCFA-4141-955E-D7AFE1737913\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_9_pro_3900_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4DB7AC6-B12B-4951-A916-F04443676521\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_9_pro_3900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C86CD4F-AE07-47E2-ADD0-43C796709AFD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37F1D3A8-2FD7-4767-BC2A-2ADA8A53ECCC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_threadripper_pro_3995wx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"015BEF9F-7CFC-4A99-B9B4-FB58B3F35E31\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57E61614-68FD-437A-8037-801E0663CBD8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_threadripper_pro_3975wx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3D16B66-A4EC-422D-856A-A862ECE13FBE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3E5574E-5537-4F47-AB05-8A8D1D4C2BBF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_threadripper_pro_3955wx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EDF7650-0A7D-48FF-AD78-2D2DBF3CD646\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73A86733-31A4-4146-9539-01883B0D315A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_threadripper_pro_3945wx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85D99997-1389-493E-BDEA-9904A46E48EE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72F74102-CBC1-4BB8-80A7-A2DCB6F4239A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_threadripper_3990x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D1A55FE-F144-494E-BCF0-7E367DA56E40\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7AE0210-F156-42BA-AAD5-177A2E845A4B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_threadripper_3970x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDDFDB8A-5EFB-4D00-9E05-FC19B4CD8913\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A986D34-FDDA-48D5-8762-2B1AF2C6DA3E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_threadripper_3960x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"978DF75D-F7B7-40F6-8054-9551306106F7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F0D63B0-369D-4337-AC25-F0851C0C15C3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_4700g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B44C21E-681A-4869-8D9D-D3898D9CBB3B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D14B4470-CF19-40F0-A765-08BA391F0E45\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_4700ge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D640C5C-C906-41A2-96BC-19299ADB9446\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD852DB5-720F-473E-99EB-F037E81AA567\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_4600g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0005355A-DA7A-417D-8AF9-F6CC880040BC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30F5D1C5-6AAE-4226-A627-9F37D7131102\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_4600ge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1614C8C2-0DDF-464F-BAE5-812CED10CA17\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"755801C1-7058-4584-BB7B-BE2BF9D5B78B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_4300g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BE6DAAF-7A5E-4D6C-862A-443647E66432\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59172BDD-6177-4E6E-B9D7-C453EB1D651A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_4300ge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"492017EE-C13F-4C40-887F-9C3C9F439898\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_pro_4450u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDE0A1A5-299E-4120-A98E-8D0F77D809E6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_pro_4450u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEB23725-CE72-431F-9339-A03D2C858CB1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_pro_4350ge_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C867D306-DE0B-445E-8649-609D88C59735\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_pro_4350ge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A626B29D-571B-4B92-9526-41AED1883C52\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_pro_4350g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E36BC40A-40EE-4AEE-BFCA-B32CAC9CCE51\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_pro_4350g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B522666B-DCE3-465D-8B15-87FCD1F8F491\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_pro_4200g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"258877EE-6437-431B-AB94-C62793501AD6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_pro_4200g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62148F9D-66A9-4501-83D8-523FB9E88276\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_pro_4650ge_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C51C696-4DC3-47AD-92F9-CDC83992DCBE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_pro_4650ge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9DF7BC4-C310-4A90-B838-954192B74546\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_pro_4650g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B6664F8-CEDB-4EC7-9AA8-98FD5F1F74BB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_pro_4650g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72FA89F8-EB76-4647-8CD1-B624CE01B656\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_pro_4400g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F01010C7-2428-415D-A210-6D2802D112DC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_pro_4400g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B24DBAE9-6E68-464E-BA55-0CE14ED3A177\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_pro_4750u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28E39E6E-173A-46D0-8EE3-2DA1625C0719\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_pro_4750u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9217C213-F7BB-4E3F-A4FE-A67A8411E964\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_pro_4750ge_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B64C298-F2F1-4D3B-B0A9-0992BF8E7D82\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_pro_4750ge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"126DC252-6395-48DF-86FD-8D5FA3B9F536\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_pro_4750g_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8EAC71F-E8F3-45A0-87AE-0FE16084A9B0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_pro_4750g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BCE44B9-90E0-4BE5-97CA-6B9E8BA4DD11\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_7_5700u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8390832E-A389-454A-B8F3-630708DDC9BE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_7_5700u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56772AAA-A5A9-4125-B4DB-939D583DA8E5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_5500u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"181E611F-CC4C-4F72-930D-93C3A85BF2A1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_5500u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C212F6CE-1920-44DC-AC13-4922A052CEBB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_5300u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9348AE1-C1F5-4512-9392-4A5971442EA1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_5300u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDE2EB95-146C-4DFA-A627-3E4B3CDD5F88\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_5_7520u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6DDD082-BAA1-415A-8E2A-AF8F5F27BDC2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_5_7520u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0870FBE4-92B4-4717-88B0-EC1094268034\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:ryzen_3_7320u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33BCC8C4-3F88-4D2B-BBDD-860619B3E15C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:ryzen_3_7320u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48F04B9F-8C65-476B-B5D8-18CC96E3B712\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:athlon_gold_7220u_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51AE02B6-08DF-42C1-9C0F-4BC20A2B0F7A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:athlon_gold_7220u:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6FD18F2-168F-49D1-9363-80BDB0D0215E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7232p_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1527680F-0762-4E3E-BB6D-09866A1C610D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16D55BEF-AFC8-45DC-9401-5DEF374E16C5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7302p_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D964031-15E2-461B-BC1B-213EF720E720\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A2E0AC0-8BDE-49F8-B067-DB03037921DD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7402p_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52817B56-DC1B-46C7-9F86-AE2E7328B7A4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92EBDDBF-37C2-4D09-B744-F78169B2C1C3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7502p_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"081BBB24-2EB6-4DAC-9B78-ABC114BAE6FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"563708A3-7C51-4693-B02D-9A25A639FE42\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7702p_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02C8C50D-2994-4AB7-AD1C-31560608D007\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72C86198-0BD4-42E1-974B-70A49F82C411\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7252_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73789139-3498-4ED8-A80C-A8794BC176A7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B816918-6CCF-4010-AA16-7BF8A93AD7D1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7262_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE409172-E478-4557-977E-8EDF016F061D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FBBFDD3-A85D-43A3-AD67-D69E91C633B6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7272_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99075640-17C5-47EA-B9B5-FE72BA9C62C9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F187412-26C2-4D8C-9199-D7CCF49D6520\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7282_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D489967C-CD37-44C3-B8DB-7B813562909F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26FC5683-F612-4586-8BA3-FB1F66D8868B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7302_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB83D414-FD6D-4502-B487-F0D00DAD3972\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F7CB05E-C4F4-481F-AFB0-9288EBE6DB62\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7352_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77566843-4A30-441F-8FBA-7D3C76907BB1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1540CCD-1ED8-4B4E-AD43-7DE2689D9A21\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7402_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A18D2F3-39A4-4D1E-963E-6D5BF93615FF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"430C9955-0090-4166-8E90-D81C2AA7DE0D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7452_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9921332-9BAE-4D93-A2FD-576D9BA72408\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68ACF30E-62DD-4217-B7F0-4A0FFF47E8EF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7502_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8915EEB-7957-4145-B9CF-DEFDD2D613F1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49BBC687-5C3C-4843-A028-B8BE29D1E302\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7532_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53BBC3B4-BD63-4895-AE29-E59396806AA6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EDABE45-F529-453C-92DC-BF7747CEEC0E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7542_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB5026DA-DB92-42FE-8FD8-07CBDCC4CA7F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC94B03B-A7FE-47AE-969D-FFEF278A7A9B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7552_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E03CC6F-1880-46F8-AF5C-4DD4BC1FC633\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A6C7497-1B63-490F-B8EA-D9F3CB790952\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7642_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A82315CD-2E07-4BDE-9A9F-D06640680D76\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EDF8A1E-B259-43D0-A56C-8C2BB688A32C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7662_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A14E26-5950-4B06-8AEE-5FF03415F4DC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E8C6528-9100-41D2-88A2-FFEABAB8F86A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7702_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"955DF45C-0F81-4EE8-B7E2-0687122253AD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AC99346-DBF1-4060-8E6B-35D315944ADA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7742_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00715133-F99C-49F2-9B0B-16D2F15E4D49\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F4A126-B4A6-480A-9DD7-7F68714DFB49\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7h12_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6F37AAF-A618-46C3-9C49-4B6CD9BDA830\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89FAAD8C-6DD1-408D-849B-0CE707321B13\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7f32_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51FFEC71-AB00-419D-A14D-8EEE2BEF9DA5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E25652AB-E243-4C40-BE12-AB53AF52CD61\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7f52_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FC1DBAF-E27D-47EA-9AA1-BCE7D4CAF0EA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87543FB4-658A-4300-9DC9-836AC1D4BCFB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:amd:epyc_7f72_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B71C2E30-E155-49B8-B90F-F9844A25C155\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B3C659-C31A-4F82-9587-9F8A943F637D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\nAn issue in \\u201cZen 2\\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\\n\\n\\n\\n\\n\\n\\n\"}]",
"id": "CVE-2023-20593",
"lastModified": "2024-11-21T07:41:11.193",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2023-07-24T20:15:10.237",
"references": "[{\"url\": \"http://seclists.org/fulldisclosure/2023/Jul/43\", \"source\": \"psirt@amd.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/24/3\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/1\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/12\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/13\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/14\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/15\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/16\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/17\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/5\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/6\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/26/1\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\", \"Mitigation\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/31/2\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\", \"Mitigation\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/6\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/7\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/8\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/4\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/5\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/11\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/9\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/4\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/7\", \"source\": \"psirt@amd.com\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-433.html\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://cmpxchg8b.com/zenbleed.html\", \"source\": \"psirt@amd.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html\", \"source\": \"psirt@amd.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html\", \"source\": \"psirt@amd.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/\", \"source\": \"psirt@amd.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/\", \"source\": \"psirt@amd.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/\", \"source\": \"psirt@amd.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0004/\", \"source\": \"psirt@amd.com\"}, {\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008\", \"source\": \"psirt@amd.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5459\", \"source\": \"psirt@amd.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5461\", \"source\": \"psirt@amd.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5462\", \"source\": \"psirt@amd.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Jul/43\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/24/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/26/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/31/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-433.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://cmpxchg8b.com/zenbleed.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5459\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5462\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-209\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-20593\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2023-07-24T20:15:10.237\",\"lastModified\":\"2026-06-17T05:30:23.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\"}],\"affected\":[{\"source\":\"psirt@amd.com\",\"affectedData\":[{\"vendor\":\"AMD\",\"product\":\"Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4\",\"defaultStatus\":\"affected\",\"packageName\":\"AGESA\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4\",\"defaultStatus\":\"affected\",\"packageName\":\"AGESA\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]},{\"vendor\":\"AMD\",\"product\":\"3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT\",\"defaultStatus\":\"affected\",\"packageName\":\"AGESA\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]},{\"vendor\":\"AMD\",\"product\":\"Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3\",\"defaultStatus\":\"affected\",\"packageName\":\"AGESA\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]},{\"vendor\":\"AMD\",\"product\":\"Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cLucienne\u201d\",\"defaultStatus\":\"affected\",\"packageName\":\"AGESA\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]},{\"vendor\":\"AMD\",\"product\":\"Ryzen\u2122 4000 Series Mobile processors with Radeon\u2122 Graphics \u201cRenoir\u201d\",\"defaultStatus\":\"affected\",\"packageName\":\"AGESA\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]},{\"vendor\":\"AMD\",\"product\":\"Ryzen\u2122 7020 Series processors \u201cMendocino\u201d FT6\",\"defaultStatus\":\"affected\",\"packageName\":\"AGESA\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]},{\"vendor\":\"AMD\",\"product\":\"2nd Gen AMD EPYC\u2122 Processors\",\"defaultStatus\":\"affected\",\"packageName\":\"\u00b5code / AGESA\u2122 firmware\",\"platforms\":[\"x86\"],\"versions\":[{\"version\":\"various\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-11-19T16:07:50.725588Z\",\"id\":\"CVE-2023-20593\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.14.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"68DF2F8C-12AA-477E-A803-CBFBB151138C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.15.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"C3BFD203-8E25-46AF-AF43-DAFB86BDFE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.16.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"141FB3BC-DDC0-4E57-B1B3-0FF42B0F99B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.17.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"EBC05EF9-E4DE-45AA-873E-F91A3530FA4E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B01772-B9AB-4724-BC36-C707E01C9EDB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_3100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE4F55EF-4F2B-499C-8173-12BE32085744\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22B7FA81-11D0-4DC2-B81D-1BD48D341E6A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_3300x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C1A897-5FA2-403D-86C2-9D67C5B043A9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F0E87F5-65BA-477D-9679-907FD2906298\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A56423-3DDE-451B-AC47-51715AC74F41\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"927B2661-8988-484F-965C-D94AA9D52911\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_3500x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CD66B3-96B6-43A0-AA57-A548FF34B5F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15D68B5B-0878-47BA-9DCC-BF2D793F92E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9B07D45-5EA5-405E-A649-DADE2451E3EC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72FC510-6F4C-4D04-BEA9-9DDE22617CEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_3600x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09342618-057F-4F49-A43F-352212738F80\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD9B37D9-8A56-4058-9AFF-3BE64D95CC23\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_3600xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B156A9F3-E22D-428D-9E84-9D6CD6F3FE3E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D824D3D-E27D-4B6D-A7CC-0D42288AA5C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_3700x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"937E2FA2-BED8-48FF-8D01-153D4039F224\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6788A3F-6731-4529-AAFF-3CB893C0D07B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_3800x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DC56C52-6200-47CD-A722-28A1437050B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A45A30A-6857-419E-8816-7EC9F8C8FEF8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_3800xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D814C2A-D794-46A8-9A06-CC4DB387176F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CFA3FA5-601A-42DF-8FBD-846ED91ECE3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_9_3900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5CB2C92-A84F-450D-BC0F-3675423DBF0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53240910-3F88-465C-A0CD-A98395A05756\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_9_3900x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ED8BD87-468E-4953-96B1-CF923985B963\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4350ADE3-9A31-4A23-9B15-7A44E8F29E90\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_9_3900xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E52108F-FAAE-4075-8F87-239008E77009\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F23104CA-40BB-497E-809E-B89BDBB8B844\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_9_3950x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A468A5E6-BCFA-4141-955E-D7AFE1737913\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_9_pro_3900_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4DB7AC6-B12B-4951-A916-F04443676521\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_9_pro_3900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C86CD4F-AE07-47E2-ADD0-43C796709AFD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37F1D3A8-2FD7-4767-BC2A-2ADA8A53ECCC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_threadripper_pro_3995wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"015BEF9F-7CFC-4A99-B9B4-FB58B3F35E31\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E61614-68FD-437A-8037-801E0663CBD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_threadripper_pro_3975wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D16B66-A4EC-422D-856A-A862ECE13FBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E5574E-5537-4F47-AB05-8A8D1D4C2BBF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_threadripper_pro_3955wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDF7650-0A7D-48FF-AD78-2D2DBF3CD646\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73A86733-31A4-4146-9539-01883B0D315A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_threadripper_pro_3945wx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85D99997-1389-493E-BDEA-9904A46E48EE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72F74102-CBC1-4BB8-80A7-A2DCB6F4239A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_threadripper_3990x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D1A55FE-F144-494E-BCF0-7E367DA56E40\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7AE0210-F156-42BA-AAD5-177A2E845A4B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_threadripper_3970x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDDFDB8A-5EFB-4D00-9E05-FC19B4CD8913\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A986D34-FDDA-48D5-8762-2B1AF2C6DA3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_threadripper_3960x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"978DF75D-F7B7-40F6-8054-9551306106F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0D63B0-369D-4337-AC25-F0851C0C15C3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_4700g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B44C21E-681A-4869-8D9D-D3898D9CBB3B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14B4470-CF19-40F0-A765-08BA391F0E45\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_4700ge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D640C5C-C906-41A2-96BC-19299ADB9446\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD852DB5-720F-473E-99EB-F037E81AA567\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_4600g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0005355A-DA7A-417D-8AF9-F6CC880040BC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30F5D1C5-6AAE-4226-A627-9F37D7131102\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_4600ge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1614C8C2-0DDF-464F-BAE5-812CED10CA17\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"755801C1-7058-4584-BB7B-BE2BF9D5B78B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_4300g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BE6DAAF-7A5E-4D6C-862A-443647E66432\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59172BDD-6177-4E6E-B9D7-C453EB1D651A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_4300ge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492017EE-C13F-4C40-887F-9C3C9F439898\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_pro_4450u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDE0A1A5-299E-4120-A98E-8D0F77D809E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_pro_4450u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEB23725-CE72-431F-9339-A03D2C858CB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_pro_4350ge_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C867D306-DE0B-445E-8649-609D88C59735\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_pro_4350ge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A626B29D-571B-4B92-9526-41AED1883C52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_pro_4350g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36BC40A-40EE-4AEE-BFCA-B32CAC9CCE51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_pro_4350g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B522666B-DCE3-465D-8B15-87FCD1F8F491\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_pro_4200g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"258877EE-6437-431B-AB94-C62793501AD6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_pro_4200g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62148F9D-66A9-4501-83D8-523FB9E88276\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_pro_4650ge_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C51C696-4DC3-47AD-92F9-CDC83992DCBE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_pro_4650ge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9DF7BC4-C310-4A90-B838-954192B74546\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_pro_4650g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B6664F8-CEDB-4EC7-9AA8-98FD5F1F74BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_pro_4650g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72FA89F8-EB76-4647-8CD1-B624CE01B656\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_pro_4400g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F01010C7-2428-415D-A210-6D2802D112DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_pro_4400g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B24DBAE9-6E68-464E-BA55-0CE14ED3A177\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_pro_4750u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E39E6E-173A-46D0-8EE3-2DA1625C0719\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_pro_4750u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9217C213-F7BB-4E3F-A4FE-A67A8411E964\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_pro_4750ge_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B64C298-F2F1-4D3B-B0A9-0992BF8E7D82\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_pro_4750ge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"126DC252-6395-48DF-86FD-8D5FA3B9F536\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_pro_4750g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8EAC71F-E8F3-45A0-87AE-0FE16084A9B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_pro_4750g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BCE44B9-90E0-4BE5-97CA-6B9E8BA4DD11\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_7_5700u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8390832E-A389-454A-B8F3-630708DDC9BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_7_5700u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56772AAA-A5A9-4125-B4DB-939D583DA8E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_5500u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"181E611F-CC4C-4F72-930D-93C3A85BF2A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_5500u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C212F6CE-1920-44DC-AC13-4922A052CEBB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_5300u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9348AE1-C1F5-4512-9392-4A5971442EA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_5300u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDE2EB95-146C-4DFA-A627-3E4B3CDD5F88\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_5_7520u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6DDD082-BAA1-415A-8E2A-AF8F5F27BDC2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_5_7520u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0870FBE4-92B4-4717-88B0-EC1094268034\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:ryzen_3_7320u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33BCC8C4-3F88-4D2B-BBDD-860619B3E15C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:ryzen_3_7320u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F04B9F-8C65-476B-B5D8-18CC96E3B712\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:athlon_gold_7220u_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51AE02B6-08DF-42C1-9C0F-4BC20A2B0F7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:athlon_gold_7220u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6FD18F2-168F-49D1-9363-80BDB0D0215E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7232p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1527680F-0762-4E3E-BB6D-09866A1C610D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D55BEF-AFC8-45DC-9401-5DEF374E16C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7302p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D964031-15E2-461B-BC1B-213EF720E720\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2E0AC0-8BDE-49F8-B067-DB03037921DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7402p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52817B56-DC1B-46C7-9F86-AE2E7328B7A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92EBDDBF-37C2-4D09-B744-F78169B2C1C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7502p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"081BBB24-2EB6-4DAC-9B78-ABC114BAE6FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"563708A3-7C51-4693-B02D-9A25A639FE42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7702p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02C8C50D-2994-4AB7-AD1C-31560608D007\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72C86198-0BD4-42E1-974B-70A49F82C411\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7252_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73789139-3498-4ED8-A80C-A8794BC176A7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B816918-6CCF-4010-AA16-7BF8A93AD7D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7262_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE409172-E478-4557-977E-8EDF016F061D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FBBFDD3-A85D-43A3-AD67-D69E91C633B6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7272_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99075640-17C5-47EA-B9B5-FE72BA9C62C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F187412-26C2-4D8C-9199-D7CCF49D6520\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7282_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D489967C-CD37-44C3-B8DB-7B813562909F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26FC5683-F612-4586-8BA3-FB1F66D8868B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7302_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB83D414-FD6D-4502-B487-F0D00DAD3972\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F7CB05E-C4F4-481F-AFB0-9288EBE6DB62\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7352_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77566843-4A30-441F-8FBA-7D3C76907BB1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1540CCD-1ED8-4B4E-AD43-7DE2689D9A21\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7402_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A18D2F3-39A4-4D1E-963E-6D5BF93615FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"430C9955-0090-4166-8E90-D81C2AA7DE0D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7452_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9921332-9BAE-4D93-A2FD-576D9BA72408\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68ACF30E-62DD-4217-B7F0-4A0FFF47E8EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7502_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8915EEB-7957-4145-B9CF-DEFDD2D613F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49BBC687-5C3C-4843-A028-B8BE29D1E302\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7532_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53BBC3B4-BD63-4895-AE29-E59396806AA6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EDABE45-F529-453C-92DC-BF7747CEEC0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7542_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB5026DA-DB92-42FE-8FD8-07CBDCC4CA7F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC94B03B-A7FE-47AE-969D-FFEF278A7A9B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7552_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E03CC6F-1880-46F8-AF5C-4DD4BC1FC633\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A6C7497-1B63-490F-B8EA-D9F3CB790952\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7642_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82315CD-2E07-4BDE-9A9F-D06640680D76\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EDF8A1E-B259-43D0-A56C-8C2BB688A32C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7662_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A14E26-5950-4B06-8AEE-5FF03415F4DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E8C6528-9100-41D2-88A2-FFEABAB8F86A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7702_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955DF45C-0F81-4EE8-B7E2-0687122253AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AC99346-DBF1-4060-8E6B-35D315944ADA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7742_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00715133-F99C-49F2-9B0B-16D2F15E4D49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F4A126-B4A6-480A-9DD7-7F68714DFB49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7h12_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6F37AAF-A618-46C3-9C49-4B6CD9BDA830\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89FAAD8C-6DD1-408D-849B-0CE707321B13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7f32_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51FFEC71-AB00-419D-A14D-8EEE2BEF9DA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E25652AB-E243-4C40-BE12-AB53AF52CD61\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7f52_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FC1DBAF-E27D-47EA-9AA1-BCE7D4CAF0EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87543FB4-658A-4300-9DC9-836AC1D4BCFB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7f72_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71C2E30-E155-49B8-B90F-F9844A25C155\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B3C659-C31A-4F82-9587-9F8A943F637D\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2023/Jul/43\",\"source\":\"psirt@amd.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/24/3\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/1\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/12\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/13\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/14\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/15\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/16\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/17\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/5\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/6\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/26/1\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/31/2\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/08/6\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/08/7\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/08/8\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/16/4\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/16/5\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/11\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/9\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/25/4\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/25/7\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-433.html\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cmpxchg8b.com/zenbleed.html\",\"source\":\"psirt@amd.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html\",\"source\":\"psirt@amd.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240531-0004/\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008\",\"source\":\"psirt@amd.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5459\",\"source\":\"psirt@amd.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5461\",\"source\":\"psirt@amd.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5462\",\"source\":\"psirt@amd.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Jul/43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/24/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/25/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/31/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/08/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/08/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/08/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/16/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/08/16/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/25/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/25/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-433.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cmpxchg8b.com/zenbleed.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240531-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-433.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/24/3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Jul/43\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/13\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/17\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/12\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/15\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/26/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cmpxchg8b.com/zenbleed.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5459\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5462\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5461\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/31/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/11\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0004/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:05:45.858Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-20593\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-19T16:07:50.725588Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-209\", \"description\": \"CWE-209 Generation of Error Message Containing Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-19T16:08:09.388Z\"}}], \"cna\": {\"source\": {\"advisory\": \"AMD-SB-7008\", \"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 3000 Series Desktop Processors \\u201cMatisse\\u201d AM4\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Desktop Processors with Radeon\\u2122 Graphics \\u201cRenoir\\u201d AM4\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"3rd Gen AMD Ryzen\\u2122 Threadripper\\u2122 Processors \\u201cCastle Peak\\u201d HEDT\", \"versions\": [{\"status\": \"affected\", \"version\": \"various\"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 Threadripper\\u2122 PRO Processors \\u201cCastle Peak\\u201d WS SP3\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 5000 Series Mobile processors with Radeon\\u2122 Graphics \\u201cLucienne\\u201d\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 4000 Series Mobile processors with Radeon\\u2122 Graphics \\u201cRenoir\\u201d\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"Ryzen\\u2122 7020 Series processors \\u201cMendocino\\u201d FT6\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"AGESA\", \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"2nd Gen AMD EPYC\\u2122 Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"various \"}], \"platforms\": [\"x86\"], \"packageName\": \"\\u00b5code / AGESA\\u2122 firmware\", \"defaultStatus\": \"affected\"}], \"datePublic\": \"2023-07-24T19:00:00.000Z\", \"references\": [{\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-433.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/24/3\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Jul/43\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/5\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/13\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/17\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/12\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/16\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/14\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/25/15\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/26/1\"}, {\"url\": \"https://cmpxchg8b.com/zenbleed.html\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5459\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5462\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5461\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/31/2\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/7\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/8\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/08/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/08/16/5\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/9\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/11\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/25/7\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0004/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nAn issue in \\u201cZen 2\\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(248, 249, 250);\\\"\u003eAn issue in \\u201cZen 2\\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\u003c/span\u003e\\n\\n\\n\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2023-07-24T19:39:41.259Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-20593\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-19T16:08:15.479Z\", \"dateReserved\": \"2022-10-27T18:53:39.762Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2023-07-24T19:38:43.385Z\", \"assignerShortName\": \"AMD\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2023:3494-1
Vulnerability from csaf_suse - Published: 2023-08-30 19:23 - Updated: 2023-08-30 19:23Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).
- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).
- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).
Patchnames: SUSE-2023-3494,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3494,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3494,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3494
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).\n- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).\n- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3494,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3494,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3494,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3494",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3494-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3494-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233494-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3494-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016051.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213616",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "self",
"summary": "SUSE Bug 1214082",
"url": "https://bugzilla.suse.com/1214082"
},
{
"category": "self",
"summary": "SUSE Bug 1214083",
"url": "https://bugzilla.suse.com/1214083"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20569 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2023-08-30T19:23:13Z",
"generator": {
"date": "2023-08-30T19:23:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3494-1",
"initial_release_date": "2023-08-30T19:23:13Z",
"revision_history": [
{
"date": "2023-08-30T19:23:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_36-150100.3.89.1.aarch64",
"product": {
"name": "xen-4.12.4_36-150100.3.89.1.aarch64",
"product_id": "xen-4.12.4_36-150100.3.89.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_36-150100.3.89.1.aarch64",
"product": {
"name": "xen-devel-4.12.4_36-150100.3.89.1.aarch64",
"product_id": "xen-devel-4.12.4_36-150100.3.89.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_36-150100.3.89.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.4_36-150100.3.89.1.aarch64",
"product_id": "xen-doc-html-4.12.4_36-150100.3.89.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_36-150100.3.89.1.aarch64",
"product": {
"name": "xen-libs-4.12.4_36-150100.3.89.1.aarch64",
"product_id": "xen-libs-4.12.4_36-150100.3.89.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_36-150100.3.89.1.aarch64",
"product": {
"name": "xen-tools-4.12.4_36-150100.3.89.1.aarch64",
"product_id": "xen-tools-4.12.4_36-150100.3.89.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.aarch64",
"product_id": "xen-tools-domU-4.12.4_36-150100.3.89.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.4_36-150100.3.89.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.4_36-150100.3.89.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.4_36-150100.3.89.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_36-150100.3.89.1.i586",
"product": {
"name": "xen-devel-4.12.4_36-150100.3.89.1.i586",
"product_id": "xen-devel-4.12.4_36-150100.3.89.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_36-150100.3.89.1.i586",
"product": {
"name": "xen-libs-4.12.4_36-150100.3.89.1.i586",
"product_id": "xen-libs-4.12.4_36-150100.3.89.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.i586",
"product": {
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.i586",
"product_id": "xen-tools-domU-4.12.4_36-150100.3.89.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_36-150100.3.89.1.x86_64",
"product": {
"name": "xen-4.12.4_36-150100.3.89.1.x86_64",
"product_id": "xen-4.12.4_36-150100.3.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"product": {
"name": "xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"product_id": "xen-devel-4.12.4_36-150100.3.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_36-150100.3.89.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_36-150100.3.89.1.x86_64",
"product_id": "xen-doc-html-4.12.4_36-150100.3.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"product": {
"name": "xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"product_id": "xen-libs-4.12.4_36-150100.3.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_36-150100.3.89.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_36-150100.3.89.1.x86_64",
"product_id": "xen-libs-32bit-4.12.4_36-150100.3.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"product": {
"name": "xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"product_id": "xen-tools-4.12.4_36-150100.3.89.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"product_id": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40982"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40982",
"url": "https://www.suse.com/security/cve/CVE-2022-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1206418 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1206418"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:23:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2023-20569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20569"
}
],
"notes": [
{
"category": "general",
"text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20569",
"url": "https://www.suse.com/security/cve/CVE-2023-20569"
},
{
"category": "external",
"summary": "SUSE Bug 1213287 for CVE-2023-20569",
"url": "https://bugzilla.suse.com/1213287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:23:13Z",
"details": "moderate"
}
],
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_36-150100.3.89.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_36-150100.3.89.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:23:13Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
}
]
}
SUSE-SU-2023:3495-1
Vulnerability from csaf_suse - Published: 2023-08-30 19:23 - Updated: 2023-08-30 19:23Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).
- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).
- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).
Patchnames: SUSE-2023-3495,SUSE-SLE-SDK-12-SP5-2023-3495,SUSE-SLE-SERVER-12-SP5-2023-3495
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).\n- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).\n- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3495,SUSE-SLE-SDK-12-SP5-2023-3495,SUSE-SLE-SERVER-12-SP5-2023-3495",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3495-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3495-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233495-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3495-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016050.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213616",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "self",
"summary": "SUSE Bug 1214082",
"url": "https://bugzilla.suse.com/1214082"
},
{
"category": "self",
"summary": "SUSE Bug 1214083",
"url": "https://bugzilla.suse.com/1214083"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20569 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2023-08-30T19:23:55Z",
"generator": {
"date": "2023-08-30T19:23:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3495-1",
"initial_release_date": "2023-08-30T19:23:55Z",
"revision_history": [
{
"date": "2023-08-30T19:23:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_36-3.91.2.aarch64",
"product": {
"name": "xen-4.12.4_36-3.91.2.aarch64",
"product_id": "xen-4.12.4_36-3.91.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_36-3.91.2.aarch64",
"product": {
"name": "xen-devel-4.12.4_36-3.91.2.aarch64",
"product_id": "xen-devel-4.12.4_36-3.91.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_36-3.91.2.aarch64",
"product": {
"name": "xen-doc-html-4.12.4_36-3.91.2.aarch64",
"product_id": "xen-doc-html-4.12.4_36-3.91.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_36-3.91.2.aarch64",
"product": {
"name": "xen-libs-4.12.4_36-3.91.2.aarch64",
"product_id": "xen-libs-4.12.4_36-3.91.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_36-3.91.2.aarch64",
"product": {
"name": "xen-tools-4.12.4_36-3.91.2.aarch64",
"product_id": "xen-tools-4.12.4_36-3.91.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_36-3.91.2.aarch64",
"product": {
"name": "xen-tools-domU-4.12.4_36-3.91.2.aarch64",
"product_id": "xen-tools-domU-4.12.4_36-3.91.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.4_36-3.91.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.4_36-3.91.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.4_36-3.91.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_36-3.91.2.i586",
"product": {
"name": "xen-devel-4.12.4_36-3.91.2.i586",
"product_id": "xen-devel-4.12.4_36-3.91.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_36-3.91.2.i586",
"product": {
"name": "xen-libs-4.12.4_36-3.91.2.i586",
"product_id": "xen-libs-4.12.4_36-3.91.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_36-3.91.2.i586",
"product": {
"name": "xen-tools-domU-4.12.4_36-3.91.2.i586",
"product_id": "xen-tools-domU-4.12.4_36-3.91.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_36-3.91.2.x86_64",
"product": {
"name": "xen-4.12.4_36-3.91.2.x86_64",
"product_id": "xen-4.12.4_36-3.91.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_36-3.91.2.x86_64",
"product": {
"name": "xen-devel-4.12.4_36-3.91.2.x86_64",
"product_id": "xen-devel-4.12.4_36-3.91.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_36-3.91.2.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_36-3.91.2.x86_64",
"product_id": "xen-doc-html-4.12.4_36-3.91.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_36-3.91.2.x86_64",
"product": {
"name": "xen-libs-4.12.4_36-3.91.2.x86_64",
"product_id": "xen-libs-4.12.4_36-3.91.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"product_id": "xen-libs-32bit-4.12.4_36-3.91.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_36-3.91.2.x86_64",
"product": {
"name": "xen-tools-4.12.4_36-3.91.2.x86_64",
"product_id": "xen-tools-4.12.4_36-3.91.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"product_id": "xen-tools-domU-4.12.4_36-3.91.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_36-3.91.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64"
},
"product_reference": "xen-devel-4.12.4_36-3.91.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-devel-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-libs-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-tools-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-libs-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-tools-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_36-3.91.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40982"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40982",
"url": "https://www.suse.com/security/cve/CVE-2022-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1206418 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1206418"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:23:55Z",
"details": "moderate"
}
],
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2023-20569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20569"
}
],
"notes": [
{
"category": "general",
"text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20569",
"url": "https://www.suse.com/security/cve/CVE-2023-20569"
},
{
"category": "external",
"summary": "SUSE Bug 1213287 for CVE-2023-20569",
"url": "https://bugzilla.suse.com/1213287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:23:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_36-3.91.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_36-3.91.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:23:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
}
]
}
SUSE-SU-2023:3496-1
Vulnerability from csaf_suse - Published: 2023-08-30 19:24 - Updated: 2023-08-30 19:24Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Update to Xen 4.13.5 bug fix release (bsc#1027519).
- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).
- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).
- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).
Patchnames: SUSE-2023-3496,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3496,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3496,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3496,SUSE-Storage-7-2023-3496
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nUpdate to Xen 4.13.5 bug fix release (bsc#1027519).\n\n- CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow (XSA-434) (bsc#1214082).\n- CVE-2022-40982: Fixed x86/Intel Gather Data Sampling (XSA-435) (bsc#1214083).\n- CVE-2023-20593: Fixed x86/AMD Zenbleed (XSA-433) (bsc#1213616).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3496,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3496,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3496,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3496,SUSE-Storage-7-2023-3496",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3496-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3496-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233496-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3496-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016049.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1213616",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "self",
"summary": "SUSE Bug 1214082",
"url": "https://bugzilla.suse.com/1214082"
},
{
"category": "self",
"summary": "SUSE Bug 1214083",
"url": "https://bugzilla.suse.com/1214083"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20569 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2023-08-30T19:24:21Z",
"generator": {
"date": "2023-08-30T19:24:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3496-1",
"initial_release_date": "2023-08-30T19:24:21Z",
"revision_history": [
{
"date": "2023-08-30T19:24:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.5_02-150200.3.74.1.aarch64",
"product": {
"name": "xen-4.13.5_02-150200.3.74.1.aarch64",
"product_id": "xen-4.13.5_02-150200.3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.5_02-150200.3.74.1.aarch64",
"product": {
"name": "xen-devel-4.13.5_02-150200.3.74.1.aarch64",
"product_id": "xen-devel-4.13.5_02-150200.3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.5_02-150200.3.74.1.aarch64",
"product": {
"name": "xen-doc-html-4.13.5_02-150200.3.74.1.aarch64",
"product_id": "xen-doc-html-4.13.5_02-150200.3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_02-150200.3.74.1.aarch64",
"product": {
"name": "xen-libs-4.13.5_02-150200.3.74.1.aarch64",
"product_id": "xen-libs-4.13.5_02-150200.3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.5_02-150200.3.74.1.aarch64",
"product": {
"name": "xen-tools-4.13.5_02-150200.3.74.1.aarch64",
"product_id": "xen-tools-4.13.5_02-150200.3.74.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.aarch64",
"product": {
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.aarch64",
"product_id": "xen-tools-domU-4.13.5_02-150200.3.74.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.13.5_02-150200.3.74.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.13.5_02-150200.3.74.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.13.5_02-150200.3.74.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.13.5_02-150200.3.74.1.i586",
"product": {
"name": "xen-devel-4.13.5_02-150200.3.74.1.i586",
"product_id": "xen-devel-4.13.5_02-150200.3.74.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_02-150200.3.74.1.i586",
"product": {
"name": "xen-libs-4.13.5_02-150200.3.74.1.i586",
"product_id": "xen-libs-4.13.5_02-150200.3.74.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.i586",
"product": {
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.i586",
"product_id": "xen-tools-domU-4.13.5_02-150200.3.74.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.5_02-150200.3.74.1.x86_64",
"product": {
"name": "xen-4.13.5_02-150200.3.74.1.x86_64",
"product_id": "xen-4.13.5_02-150200.3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"product": {
"name": "xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"product_id": "xen-devel-4.13.5_02-150200.3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.5_02-150200.3.74.1.x86_64",
"product": {
"name": "xen-doc-html-4.13.5_02-150200.3.74.1.x86_64",
"product_id": "xen-doc-html-4.13.5_02-150200.3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"product": {
"name": "xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"product_id": "xen-libs-4.13.5_02-150200.3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.13.5_02-150200.3.74.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.13.5_02-150200.3.74.1.x86_64",
"product_id": "xen-libs-32bit-4.13.5_02-150200.3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"product": {
"name": "xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"product_id": "xen-tools-4.13.5_02-150200.3.74.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"product": {
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"product_id": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40982"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40982",
"url": "https://www.suse.com/security/cve/CVE-2022-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1206418 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1206418"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:24:21Z",
"details": "moderate"
}
],
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2023-20569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20569"
}
],
"notes": [
{
"category": "general",
"text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20569",
"url": "https://www.suse.com/security/cve/CVE-2023-20569"
},
{
"category": "external",
"summary": "SUSE Bug 1213287 for CVE-2023-20569",
"url": "https://bugzilla.suse.com/1213287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:24:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Enterprise Storage 7:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_02-150200.3.74.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_02-150200.3.74.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-30T19:24:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
}
]
}
SUSE-SU-2023:3894-1
Vulnerability from csaf_suse - Published: 2023-09-29 08:36 - Updated: 2023-09-29 08:36Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).
- CVE-2022-40982: Fixed Intel Gather Data Sampling (XSA-435) (bsc#1214083).
Patchnames: SUSE-2023-3894,SUSE-SLE-SDK-12-SP5-2023-3894,SUSE-SLE-SERVER-12-SP5-2023-3894
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).\n- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).\n- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).\n- CVE-2022-40982: Fixed Intel Gather Data Sampling (XSA-435) (bsc#1214083).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3894,SUSE-SLE-SDK-12-SP5-2023-3894,SUSE-SLE-SERVER-12-SP5-2023-3894",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3894-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3894-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233894-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3894-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031858.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213616",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "self",
"summary": "SUSE Bug 1214083",
"url": "https://bugzilla.suse.com/1214083"
},
{
"category": "self",
"summary": "SUSE Bug 1215145",
"url": "https://bugzilla.suse.com/1215145"
},
{
"category": "self",
"summary": "SUSE Bug 1215474",
"url": "https://bugzilla.suse.com/1215474"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34322/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2023-09-29T08:36:25Z",
"generator": {
"date": "2023-09-29T08:36:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3894-1",
"initial_release_date": "2023-09-29T08:36:25Z",
"revision_history": [
{
"date": "2023-09-29T08:36:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_38-3.94.1.aarch64",
"product": {
"name": "xen-4.12.4_38-3.94.1.aarch64",
"product_id": "xen-4.12.4_38-3.94.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_38-3.94.1.aarch64",
"product": {
"name": "xen-devel-4.12.4_38-3.94.1.aarch64",
"product_id": "xen-devel-4.12.4_38-3.94.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_38-3.94.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.4_38-3.94.1.aarch64",
"product_id": "xen-doc-html-4.12.4_38-3.94.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_38-3.94.1.aarch64",
"product": {
"name": "xen-libs-4.12.4_38-3.94.1.aarch64",
"product_id": "xen-libs-4.12.4_38-3.94.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_38-3.94.1.aarch64",
"product": {
"name": "xen-tools-4.12.4_38-3.94.1.aarch64",
"product_id": "xen-tools-4.12.4_38-3.94.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_38-3.94.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.4_38-3.94.1.aarch64",
"product_id": "xen-tools-domU-4.12.4_38-3.94.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.4_38-3.94.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.4_38-3.94.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.4_38-3.94.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_38-3.94.1.i586",
"product": {
"name": "xen-devel-4.12.4_38-3.94.1.i586",
"product_id": "xen-devel-4.12.4_38-3.94.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_38-3.94.1.i586",
"product": {
"name": "xen-libs-4.12.4_38-3.94.1.i586",
"product_id": "xen-libs-4.12.4_38-3.94.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_38-3.94.1.i586",
"product": {
"name": "xen-tools-domU-4.12.4_38-3.94.1.i586",
"product_id": "xen-tools-domU-4.12.4_38-3.94.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_38-3.94.1.x86_64",
"product": {
"name": "xen-4.12.4_38-3.94.1.x86_64",
"product_id": "xen-4.12.4_38-3.94.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_38-3.94.1.x86_64",
"product": {
"name": "xen-devel-4.12.4_38-3.94.1.x86_64",
"product_id": "xen-devel-4.12.4_38-3.94.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_38-3.94.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_38-3.94.1.x86_64",
"product_id": "xen-doc-html-4.12.4_38-3.94.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_38-3.94.1.x86_64",
"product": {
"name": "xen-libs-4.12.4_38-3.94.1.x86_64",
"product_id": "xen-libs-4.12.4_38-3.94.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"product_id": "xen-libs-32bit-4.12.4_38-3.94.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_38-3.94.1.x86_64",
"product": {
"name": "xen-tools-4.12.4_38-3.94.1.x86_64",
"product_id": "xen-tools-4.12.4_38-3.94.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"product_id": "xen-tools-domU-4.12.4_38-3.94.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_38-3.94.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64"
},
"product_reference": "xen-devel-4.12.4_38-3.94.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_38-3.94.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40982"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40982",
"url": "https://www.suse.com/security/cve/CVE-2022-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1206418 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1206418"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:36:25Z",
"details": "moderate"
}
],
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2023-20588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20588"
}
],
"notes": [
{
"category": "general",
"text": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. \n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20588",
"url": "https://www.suse.com/security/cve/CVE-2023-20588"
},
{
"category": "external",
"summary": "SUSE Bug 1213927 for CVE-2023-20588",
"url": "https://bugzilla.suse.com/1213927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:36:25Z",
"details": "moderate"
}
],
"title": "CVE-2023-20588"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:36:25Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-34322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34322"
}
],
"notes": [
{
"category": "general",
"text": "For migration as well as to work around kernels unaware of L1TF (see\nXSA-273), PV guests may be run in shadow paging mode. Since Xen itself\nneeds to be mapped when PV guests run, Xen and shadowed PV guests run\ndirectly the respective shadow page tables. For 64-bit PV guests this\nmeans running on the shadow of the guest root page table.\n\nIn the course of dealing with shortage of memory in the shadow pool\nassociated with a domain, shadows of page tables may be torn down. This\ntearing down may include the shadow root page table that the CPU in\nquestion is presently running on. While a precaution exists to\nsupposedly prevent the tearing down of the underlying live page table,\nthe time window covered by that precaution isn\u0027t large enough.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34322",
"url": "https://www.suse.com/security/cve/CVE-2023-34322"
},
{
"category": "external",
"summary": "SUSE Bug 1215145 for CVE-2023-34322",
"url": "https://bugzilla.suse.com/1215145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_38-3.94.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_38-3.94.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:36:25Z",
"details": "important"
}
],
"title": "CVE-2023-34322"
}
]
}
SUSE-SU-2023:3895-1
Vulnerability from csaf_suse - Published: 2023-09-29 08:59 - Updated: 2023-09-29 08:59Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).
- CVE-2022-40982: Fixed Intel Gather Data Sampling (XSA-435) (bsc#1214083).
Patchnames: SUSE-2023-3895,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3895,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3895,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3895
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).\n- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).\n- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).\n- CVE-2022-40982: Fixed Intel Gather Data Sampling (XSA-435) (bsc#1214083).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3895,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3895,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3895,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3895",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3895-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3895-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233895-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3895-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016463.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213616",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "self",
"summary": "SUSE Bug 1214083",
"url": "https://bugzilla.suse.com/1214083"
},
{
"category": "self",
"summary": "SUSE Bug 1215145",
"url": "https://bugzilla.suse.com/1215145"
},
{
"category": "self",
"summary": "SUSE Bug 1215474",
"url": "https://bugzilla.suse.com/1215474"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34322/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2023-09-29T08:59:54Z",
"generator": {
"date": "2023-09-29T08:59:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3895-1",
"initial_release_date": "2023-09-29T08:59:54Z",
"revision_history": [
{
"date": "2023-09-29T08:59:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.5_04-150200.3.77.1.aarch64",
"product": {
"name": "xen-4.13.5_04-150200.3.77.1.aarch64",
"product_id": "xen-4.13.5_04-150200.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.5_04-150200.3.77.1.aarch64",
"product": {
"name": "xen-devel-4.13.5_04-150200.3.77.1.aarch64",
"product_id": "xen-devel-4.13.5_04-150200.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.5_04-150200.3.77.1.aarch64",
"product": {
"name": "xen-doc-html-4.13.5_04-150200.3.77.1.aarch64",
"product_id": "xen-doc-html-4.13.5_04-150200.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_04-150200.3.77.1.aarch64",
"product": {
"name": "xen-libs-4.13.5_04-150200.3.77.1.aarch64",
"product_id": "xen-libs-4.13.5_04-150200.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.5_04-150200.3.77.1.aarch64",
"product": {
"name": "xen-tools-4.13.5_04-150200.3.77.1.aarch64",
"product_id": "xen-tools-4.13.5_04-150200.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.aarch64",
"product": {
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.aarch64",
"product_id": "xen-tools-domU-4.13.5_04-150200.3.77.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.13.5_04-150200.3.77.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.13.5_04-150200.3.77.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.13.5_04-150200.3.77.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.13.5_04-150200.3.77.1.i586",
"product": {
"name": "xen-devel-4.13.5_04-150200.3.77.1.i586",
"product_id": "xen-devel-4.13.5_04-150200.3.77.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_04-150200.3.77.1.i586",
"product": {
"name": "xen-libs-4.13.5_04-150200.3.77.1.i586",
"product_id": "xen-libs-4.13.5_04-150200.3.77.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.i586",
"product": {
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.i586",
"product_id": "xen-tools-domU-4.13.5_04-150200.3.77.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.5_04-150200.3.77.1.x86_64",
"product": {
"name": "xen-4.13.5_04-150200.3.77.1.x86_64",
"product_id": "xen-4.13.5_04-150200.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"product": {
"name": "xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"product_id": "xen-devel-4.13.5_04-150200.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.5_04-150200.3.77.1.x86_64",
"product": {
"name": "xen-doc-html-4.13.5_04-150200.3.77.1.x86_64",
"product_id": "xen-doc-html-4.13.5_04-150200.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"product": {
"name": "xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"product_id": "xen-libs-4.13.5_04-150200.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.13.5_04-150200.3.77.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.13.5_04-150200.3.77.1.x86_64",
"product_id": "xen-libs-32bit-4.13.5_04-150200.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"product": {
"name": "xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"product_id": "xen-tools-4.13.5_04-150200.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"product": {
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"product_id": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40982"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40982",
"url": "https://www.suse.com/security/cve/CVE-2022-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1206418 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1206418"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:59:54Z",
"details": "moderate"
}
],
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2023-20588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20588"
}
],
"notes": [
{
"category": "general",
"text": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. \n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20588",
"url": "https://www.suse.com/security/cve/CVE-2023-20588"
},
{
"category": "external",
"summary": "SUSE Bug 1213927 for CVE-2023-20588",
"url": "https://bugzilla.suse.com/1213927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:59:54Z",
"details": "moderate"
}
],
"title": "CVE-2023-20588"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:59:54Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-34322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34322"
}
],
"notes": [
{
"category": "general",
"text": "For migration as well as to work around kernels unaware of L1TF (see\nXSA-273), PV guests may be run in shadow paging mode. Since Xen itself\nneeds to be mapped when PV guests run, Xen and shadowed PV guests run\ndirectly the respective shadow page tables. For 64-bit PV guests this\nmeans running on the shadow of the guest root page table.\n\nIn the course of dealing with shortage of memory in the shadow pool\nassociated with a domain, shadows of page tables may be torn down. This\ntearing down may include the shadow root page table that the CPU in\nquestion is presently running on. While a precaution exists to\nsupposedly prevent the tearing down of the underlying live page table,\nthe time window covered by that precaution isn\u0027t large enough.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34322",
"url": "https://www.suse.com/security/cve/CVE-2023-34322"
},
{
"category": "external",
"summary": "SUSE Bug 1215145 for CVE-2023-34322",
"url": "https://bugzilla.suse.com/1215145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_04-150200.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_04-150200.3.77.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:59:54Z",
"details": "important"
}
],
"title": "CVE-2023-34322"
}
]
}
SUSE-SU-2023:3902-1
Vulnerability from csaf_suse - Published: 2023-09-29 13:10 - Updated: 2023-09-29 13:10Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).
- CVE-2022-40982: Fixed Intel Gather Data Sampling (XSA-435) (bsc#1214083).
Patchnames: SUSE-2023-3902,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3902,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3902,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3902
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).\n- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).\n- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).\n- CVE-2022-40982: Fixed Intel Gather Data Sampling (XSA-435) (bsc#1214083).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3902,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3902,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3902,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3902",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3902-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3902-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233902-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3902-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016466.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213616",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "self",
"summary": "SUSE Bug 1214083",
"url": "https://bugzilla.suse.com/1214083"
},
{
"category": "self",
"summary": "SUSE Bug 1215145",
"url": "https://bugzilla.suse.com/1215145"
},
{
"category": "self",
"summary": "SUSE Bug 1215474",
"url": "https://bugzilla.suse.com/1215474"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34322/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2023-09-29T13:10:32Z",
"generator": {
"date": "2023-09-29T13:10:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3902-1",
"initial_release_date": "2023-09-29T13:10:32Z",
"revision_history": [
{
"date": "2023-09-29T13:10:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_38-150100.3.92.1.aarch64",
"product": {
"name": "xen-4.12.4_38-150100.3.92.1.aarch64",
"product_id": "xen-4.12.4_38-150100.3.92.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_38-150100.3.92.1.aarch64",
"product": {
"name": "xen-devel-4.12.4_38-150100.3.92.1.aarch64",
"product_id": "xen-devel-4.12.4_38-150100.3.92.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_38-150100.3.92.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.4_38-150100.3.92.1.aarch64",
"product_id": "xen-doc-html-4.12.4_38-150100.3.92.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_38-150100.3.92.1.aarch64",
"product": {
"name": "xen-libs-4.12.4_38-150100.3.92.1.aarch64",
"product_id": "xen-libs-4.12.4_38-150100.3.92.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_38-150100.3.92.1.aarch64",
"product": {
"name": "xen-tools-4.12.4_38-150100.3.92.1.aarch64",
"product_id": "xen-tools-4.12.4_38-150100.3.92.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.aarch64",
"product_id": "xen-tools-domU-4.12.4_38-150100.3.92.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.4_38-150100.3.92.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.4_38-150100.3.92.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.4_38-150100.3.92.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_38-150100.3.92.1.i586",
"product": {
"name": "xen-devel-4.12.4_38-150100.3.92.1.i586",
"product_id": "xen-devel-4.12.4_38-150100.3.92.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_38-150100.3.92.1.i586",
"product": {
"name": "xen-libs-4.12.4_38-150100.3.92.1.i586",
"product_id": "xen-libs-4.12.4_38-150100.3.92.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.i586",
"product": {
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.i586",
"product_id": "xen-tools-domU-4.12.4_38-150100.3.92.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_38-150100.3.92.1.x86_64",
"product": {
"name": "xen-4.12.4_38-150100.3.92.1.x86_64",
"product_id": "xen-4.12.4_38-150100.3.92.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"product": {
"name": "xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"product_id": "xen-devel-4.12.4_38-150100.3.92.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_38-150100.3.92.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_38-150100.3.92.1.x86_64",
"product_id": "xen-doc-html-4.12.4_38-150100.3.92.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"product": {
"name": "xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"product_id": "xen-libs-4.12.4_38-150100.3.92.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_38-150100.3.92.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_38-150100.3.92.1.x86_64",
"product_id": "xen-libs-32bit-4.12.4_38-150100.3.92.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"product": {
"name": "xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"product_id": "xen-tools-4.12.4_38-150100.3.92.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"product_id": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40982"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40982",
"url": "https://www.suse.com/security/cve/CVE-2022-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1206418 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1206418"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T13:10:32Z",
"details": "moderate"
}
],
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2023-20588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20588"
}
],
"notes": [
{
"category": "general",
"text": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. \n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20588",
"url": "https://www.suse.com/security/cve/CVE-2023-20588"
},
{
"category": "external",
"summary": "SUSE Bug 1213927 for CVE-2023-20588",
"url": "https://bugzilla.suse.com/1213927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T13:10:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-20588"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T13:10:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-34322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34322"
}
],
"notes": [
{
"category": "general",
"text": "For migration as well as to work around kernels unaware of L1TF (see\nXSA-273), PV guests may be run in shadow paging mode. Since Xen itself\nneeds to be mapped when PV guests run, Xen and shadowed PV guests run\ndirectly the respective shadow page tables. For 64-bit PV guests this\nmeans running on the shadow of the guest root page table.\n\nIn the course of dealing with shortage of memory in the shadow pool\nassociated with a domain, shadows of page tables may be torn down. This\ntearing down may include the shadow root page table that the CPU in\nquestion is presently running on. While a precaution exists to\nsupposedly prevent the tearing down of the underlying live page table,\nthe time window covered by that precaution isn\u0027t large enough.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34322",
"url": "https://www.suse.com/security/cve/CVE-2023-34322"
},
{
"category": "external",
"summary": "SUSE Bug 1215145 for CVE-2023-34322",
"url": "https://bugzilla.suse.com/1215145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_38-150100.3.92.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_38-150100.3.92.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T13:10:32Z",
"details": "important"
}
],
"title": "CVE-2023-34322"
}
]
}
SUSE-SU-2023:3903-1
Vulnerability from csaf_suse - Published: 2023-09-29 13:14 - Updated: 2023-09-29 13:14Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).
Patchnames: SUSE-2023-3903,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3903,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3903,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3903,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3903,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3903,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3903,SUSE-SUSE-MicroOS-5.1-2023-3903,SUSE-SUSE-MicroOS-5.2-2023-3903,SUSE-Storage-7.1-2023-3903
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6 (Medium)
Affected products
Recommended
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
44 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).\n- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).\n- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3903,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3903,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3903,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3903,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3903,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3903,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3903,SUSE-SUSE-MicroOS-5.1-2023-3903,SUSE-SUSE-MicroOS-5.2-2023-3903,SUSE-Storage-7.1-2023-3903",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3903-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3903-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233903-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3903-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016465.html"
},
{
"category": "self",
"summary": "SUSE Bug 1213616",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "self",
"summary": "SUSE Bug 1215145",
"url": "https://bugzilla.suse.com/1215145"
},
{
"category": "self",
"summary": "SUSE Bug 1215474",
"url": "https://bugzilla.suse.com/1215474"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34322/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2023-09-29T13:14:27Z",
"generator": {
"date": "2023-09-29T13:14:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3903-1",
"initial_release_date": "2023-09-29T13:14:27Z",
"revision_history": [
{
"date": "2023-09-29T13:14:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.6_04-150300.3.54.1.aarch64",
"product": {
"name": "xen-4.14.6_04-150300.3.54.1.aarch64",
"product_id": "xen-4.14.6_04-150300.3.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.6_04-150300.3.54.1.aarch64",
"product": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.aarch64",
"product_id": "xen-devel-4.14.6_04-150300.3.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.6_04-150300.3.54.1.aarch64",
"product": {
"name": "xen-doc-html-4.14.6_04-150300.3.54.1.aarch64",
"product_id": "xen-doc-html-4.14.6_04-150300.3.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.6_04-150300.3.54.1.aarch64",
"product": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.aarch64",
"product_id": "xen-libs-4.14.6_04-150300.3.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.6_04-150300.3.54.1.aarch64",
"product": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.aarch64",
"product_id": "xen-tools-4.14.6_04-150300.3.54.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.aarch64",
"product": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.aarch64",
"product_id": "xen-tools-domU-4.14.6_04-150300.3.54.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.14.6_04-150300.3.54.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.14.6_04-150300.3.54.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.14.6_04-150300.3.54.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.14.6_04-150300.3.54.1.i586",
"product": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.i586",
"product_id": "xen-devel-4.14.6_04-150300.3.54.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.6_04-150300.3.54.1.i586",
"product": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.i586",
"product_id": "xen-libs-4.14.6_04-150300.3.54.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.i586",
"product": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.i586",
"product_id": "xen-tools-domU-4.14.6_04-150300.3.54.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.6_04-150300.3.54.1.x86_64",
"product": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64",
"product_id": "xen-4.14.6_04-150300.3.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"product": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"product_id": "xen-devel-4.14.6_04-150300.3.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.6_04-150300.3.54.1.x86_64",
"product": {
"name": "xen-doc-html-4.14.6_04-150300.3.54.1.x86_64",
"product_id": "xen-doc-html-4.14.6_04-150300.3.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"product": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"product_id": "xen-libs-4.14.6_04-150300.3.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.14.6_04-150300.3.54.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.14.6_04-150300.3.54.1.x86_64",
"product_id": "xen-libs-32bit-4.14.6_04-150300.3.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"product": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"product_id": "xen-tools-4.14.6_04-150300.3.54.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"product": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"product_id": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-20588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20588"
}
],
"notes": [
{
"category": "general",
"text": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. \n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20588",
"url": "https://www.suse.com/security/cve/CVE-2023-20588"
},
{
"category": "external",
"summary": "SUSE Bug 1213927 for CVE-2023-20588",
"url": "https://bugzilla.suse.com/1213927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T13:14:27Z",
"details": "moderate"
}
],
"title": "CVE-2023-20588"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T13:14:27Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-34322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34322"
}
],
"notes": [
{
"category": "general",
"text": "For migration as well as to work around kernels unaware of L1TF (see\nXSA-273), PV guests may be run in shadow paging mode. Since Xen itself\nneeds to be mapped when PV guests run, Xen and shadowed PV guests run\ndirectly the respective shadow page tables. For 64-bit PV guests this\nmeans running on the shadow of the guest root page table.\n\nIn the course of dealing with shortage of memory in the shadow pool\nassociated with a domain, shadows of page tables may be torn down. This\ntearing down may include the shadow root page table that the CPU in\nquestion is presently running on. While a precaution exists to\nsupposedly prevent the tearing down of the underlying live page table,\nthe time window covered by that precaution isn\u0027t large enough.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34322",
"url": "https://www.suse.com/security/cve/CVE-2023-34322"
},
{
"category": "external",
"summary": "SUSE Bug 1215145 for CVE-2023-34322",
"url": "https://bugzilla.suse.com/1215145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Enterprise Storage 7.1:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Proxy 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch",
"SUSE Manager Server 4.2:xen-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-devel-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-libs-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-domU-4.14.6_04-150300.3.54.1.x86_64",
"SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_04-150300.3.54.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T13:14:27Z",
"details": "important"
}
],
"title": "CVE-2023-34322"
}
]
}
SUSE-SU-2024:0884-1
Vulnerability from csaf_suse - Published: 2024-03-14 12:26 - Updated: 2024-03-14 12:26Summary
Security update for spectre-meltdown-checker
Severity
Moderate
Notes
Title of the patch: Security update for spectre-meltdown-checker
Description of the patch: This update for spectre-meltdown-checker fixes the following issues:
- updated to 0.46
This release mainly focuses on the detection of the new Zenbleed
(CVE-2023-20593) vulnerability, among few other changes that were in
line waiting for a release:
- feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
- feat: add the linux-firmware repository as another source for CPU microcode versions
- feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
- fix: docker: adding missing utils (#433)
- feat: add support for Guix System kernel
- fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
- fix: a /devnull file was mistakenly created on the filesystem
- fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
- updated to 0.45
- arm64: phytium: Add CPU Implementer Phytium
- arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
- chore: ensure vars are set before being dereferenced (set -u compat)
- chore: fix indentation
- chore: fwdb: update to v220+i20220208
- chore: only attempt to load msr and cpuid module once
- chore: read_cpuid: use named constants
- chore: readme: framapic is gone, host the screenshots on GitHub
- chore: replace 'Vulnerable to' by 'Affected by' in the hw section
- chore: speculative execution -> transient execution
- chore: update fwdb to v222+i20220208
- chore: update Intel Family 6 models
- chore: wording: model not vulnerable -> model not affected
- doc: add an FAQ entry about CVE support
- doc: add an FAQ.md and update the README.md accordingly
- doc: more FAQ and README
- doc: readme: make the FAQ entry more visible
- feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
- feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
- feat: add subleaf != 0 support for read_cpuid
- feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
- feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
- feat: hw check: add IPRED, RRSBA, BHI features check
- feat: implement detection for MCEPSC under BSD
- feat: set default TMPDIR for Android (#415)
- fix: extract_kernel: don't overwrite kernel_err if already set
- fix: has_vmm false positive with pcp
- fix: is_ucode_blacklisted: fix some model names
- fix: mcedb: v191 changed the MCE table format
- fix: refuse to run under MacOS and ESXi
- fix: retpoline: detection on 5.15.28+ (#420)
- fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
Patchnames: SUSE-2024-884,SUSE-SLE-Module-Basesystem-15-SP5-2024-884,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-884,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-884,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-884,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-884,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-884,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-884,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-884,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-884,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-884,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-884,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-884,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-884,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-884,SUSE-Storage-7.1-2024-884,openSUSE-SLE-15.5-2024-884
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for spectre-meltdown-checker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for spectre-meltdown-checker fixes the following issues:\n\n- updated to 0.46\n This release mainly focuses on the detection of the new Zenbleed\n (CVE-2023-20593) vulnerability, among few other changes that were in\n line waiting for a release:\n - feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)\n - feat: add the linux-firmware repository as another source for CPU microcode versions\n - feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2\n - fix: docker: adding missing utils (#433)\n - feat: add support for Guix System kernel\n - fix: rewrite SQL to be sqlite3 \u003e= 3.41 compatible (#443)\n - fix: a /devnull file was mistakenly created on the filesystem\n - fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)\n\n- updated to 0.45\n - arm64: phytium: Add CPU Implementer Phytium\n - arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig\n - chore: ensure vars are set before being dereferenced (set -u compat)\n - chore: fix indentation\n - chore: fwdb: update to v220+i20220208\n - chore: only attempt to load msr and cpuid module once\n - chore: read_cpuid: use named constants\n - chore: readme: framapic is gone, host the screenshots on GitHub\n - chore: replace \u0027Vulnerable to\u0027 by \u0027Affected by\u0027 in the hw section\n - chore: speculative execution -\u003e transient execution\n - chore: update fwdb to v222+i20220208\n - chore: update Intel Family 6 models\n - chore: wording: model not vulnerable -\u003e model not affected\n - doc: add an FAQ entry about CVE support\n - doc: add an FAQ.md and update the README.md accordingly\n - doc: more FAQ and README\n - doc: readme: make the FAQ entry more visible\n - feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied\n - feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208\n - feat: add subleaf != 0 support for read_cpuid\n - feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)\n - feat: bsd: for unimplemented CVEs, at least report when CPU is not affected\n - feat: hw check: add IPRED, RRSBA, BHI features check\n - feat: implement detection for MCEPSC under BSD\n - feat: set default TMPDIR for Android (#415)\n - fix: extract_kernel: don\u0027t overwrite kernel_err if already set\n - fix: has_vmm false positive with pcp\n - fix: is_ucode_blacklisted: fix some model names\n - fix: mcedb: v191 changed the MCE table format\n - fix: refuse to run under MacOS and ESXi\n - fix: retpoline: detection on 5.15.28+ (#420)\n - fix: variant4: added case where prctl ssbd status is tagged as \u0027unknown\u0027\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-884,SUSE-SLE-Module-Basesystem-15-SP5-2024-884,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-884,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-884,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-884,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-884,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-884,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-884,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-884,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-884,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-884,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-884,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-884,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-884,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-884,SUSE-Storage-7.1-2024-884,openSUSE-SLE-15.5-2024-884",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0884-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0884-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240884-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0884-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018179.html"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
}
],
"title": "Security update for spectre-meltdown-checker",
"tracking": {
"current_release_date": "2024-03-14T12:26:57Z",
"generator": {
"date": "2024-03-14T12:26:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0884-1",
"initial_release_date": "2024-03-14T12:26:57Z",
"revision_history": [
{
"date": "2024-03-14T12:26:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.i586",
"product": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.i586",
"product_id": "spectre-meltdown-checker-0.46-150100.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"product": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"product_id": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Manager Server 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"openSUSE Leap 15.5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Manager Server 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"openSUSE Leap 15.5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Manager Proxy 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"SUSE Manager Server 4.3:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64",
"openSUSE Leap 15.5:spectre-meltdown-checker-0.46-150100.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-14T12:26:57Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
}
]
}
SUSE-SU-2024:0885-1
Vulnerability from csaf_suse - Published: 2024-03-14 12:27 - Updated: 2024-03-14 12:27Summary
Security update for spectre-meltdown-checker
Severity
Moderate
Notes
Title of the patch: Security update for spectre-meltdown-checker
Description of the patch: This update for spectre-meltdown-checker fixes the following issues:
- updated to 0.46
This release mainly focuses on the detection of the new Zenbleed
(CVE-2023-20593) vulnerability, among few other changes that were in
line waiting for a release:
- feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
- feat: add the linux-firmware repository as another source for CPU microcode versions
- feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
- fix: docker: adding missing utils (#433)
- feat: add support for Guix System kernel
- fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
- fix: a /devnull file was mistakenly created on the filesystem
- fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
- updated to 0.45
- arm64: phytium: Add CPU Implementer Phytium
- arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
- chore: ensure vars are set before being dereferenced (set -u compat)
- chore: fix indentation
- chore: fwdb: update to v220+i20220208
- chore: only attempt to load msr and cpuid module once
- chore: read_cpuid: use named constants
- chore: readme: framapic is gone, host the screenshots on GitHub
- chore: replace 'Vulnerable to' by 'Affected by' in the hw section
- chore: speculative execution -> transient execution
- chore: update fwdb to v222+i20220208
- chore: update Intel Family 6 models
- chore: wording: model not vulnerable -> model not affected
- doc: add an FAQ entry about CVE support
- doc: add an FAQ.md and update the README.md accordingly
- doc: more FAQ and README
- doc: readme: make the FAQ entry more visible
- feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
- feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
- feat: add subleaf != 0 support for read_cpuid
- feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
- feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
- feat: hw check: add IPRED, RRSBA, BHI features check
- feat: implement detection for MCEPSC under BSD
- feat: set default TMPDIR for Android (#415)
- fix: extract_kernel: don't overwrite kernel_err if already set
- fix: has_vmm false positive with pcp
- fix: is_ucode_blacklisted: fix some model names
- fix: mcedb: v191 changed the MCE table format
- fix: refuse to run under MacOS and ESXi
- fix: retpoline: detection on 5.15.28+ (#420)
- fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
Patchnames: SUSE-2024-885,SUSE-SLE-SERVER-12-SP5-2024-885
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for spectre-meltdown-checker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for spectre-meltdown-checker fixes the following issues:\n\n- updated to 0.46\n This release mainly focuses on the detection of the new Zenbleed\n (CVE-2023-20593) vulnerability, among few other changes that were in\n line waiting for a release:\n - feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)\n - feat: add the linux-firmware repository as another source for CPU microcode versions\n - feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2\n - fix: docker: adding missing utils (#433)\n - feat: add support for Guix System kernel\n - fix: rewrite SQL to be sqlite3 \u003e= 3.41 compatible (#443)\n - fix: a /devnull file was mistakenly created on the filesystem\n - fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)\n\n- updated to 0.45\n - arm64: phytium: Add CPU Implementer Phytium\n - arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig\n - chore: ensure vars are set before being dereferenced (set -u compat)\n - chore: fix indentation\n - chore: fwdb: update to v220+i20220208\n - chore: only attempt to load msr and cpuid module once\n - chore: read_cpuid: use named constants\n - chore: readme: framapic is gone, host the screenshots on GitHub\n - chore: replace \u0027Vulnerable to\u0027 by \u0027Affected by\u0027 in the hw section\n - chore: speculative execution -\u003e transient execution\n - chore: update fwdb to v222+i20220208\n - chore: update Intel Family 6 models\n - chore: wording: model not vulnerable -\u003e model not affected\n - doc: add an FAQ entry about CVE support\n - doc: add an FAQ.md and update the README.md accordingly\n - doc: more FAQ and README\n - doc: readme: make the FAQ entry more visible\n - feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied\n - feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208\n - feat: add subleaf != 0 support for read_cpuid\n - feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)\n - feat: bsd: for unimplemented CVEs, at least report when CPU is not affected\n - feat: hw check: add IPRED, RRSBA, BHI features check\n - feat: implement detection for MCEPSC under BSD\n - feat: set default TMPDIR for Android (#415)\n - fix: extract_kernel: don\u0027t overwrite kernel_err if already set\n - fix: has_vmm false positive with pcp\n - fix: is_ucode_blacklisted: fix some model names\n - fix: mcedb: v191 changed the MCE table format\n - fix: refuse to run under MacOS and ESXi\n - fix: retpoline: detection on 5.15.28+ (#420)\n - fix: variant4: added case where prctl ssbd status is tagged as \u0027unknown\u0027\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-885,SUSE-SLE-SERVER-12-SP5-2024-885",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0885-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0885-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240885-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0885-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018178.html"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
}
],
"title": "Security update for spectre-meltdown-checker",
"tracking": {
"current_release_date": "2024-03-14T12:27:32Z",
"generator": {
"date": "2024-03-14T12:27:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0885-1",
"initial_release_date": "2024-03-14T12:27:32Z",
"revision_history": [
{
"date": "2024-03-14T12:27:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "spectre-meltdown-checker-0.46-3.9.1.i586",
"product": {
"name": "spectre-meltdown-checker-0.46-3.9.1.i586",
"product_id": "spectre-meltdown-checker-0.46-3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "spectre-meltdown-checker-0.46-3.9.1.x86_64",
"product": {
"name": "spectre-meltdown-checker-0.46-3.9.1.x86_64",
"product_id": "spectre-meltdown-checker-0.46-3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-3.9.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spectre-meltdown-checker-0.46-3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"
},
"product_reference": "spectre-meltdown-checker-0.46-3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:spectre-meltdown-checker-0.46-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-14T12:27:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
}
]
}
WID-SEC-W-2023-1873
Vulnerability from csaf_certbund - Published: 2023-07-24 22:00 - Updated: 2025-02-16 23:00Summary
AMD Prozessor: Schwachstelle ermöglicht Offenlegung von Informationen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Prozessoren sind die zentralen Rechenwerke eines Computers.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle im AMD Prozessor ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme: - BIOS/Firmware
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HP Computer
HP
|
cpe:/h:hp:computer:-
|
— | |
|
AMD Prozessor Ryzen PRO 4000
AMD / Prozessor
|
cpe:/h:amd:amd_processor:ryzen_pro_4000
|
Ryzen PRO 4000 | |
|
Dell Computer Vostro 15 3535
Dell / Computer
|
cpe:/o:dell:dell_computer:vostro_15_3535
|
Vostro 15 3535 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP7 IF02
IBM / QRadar SIEM
|
<7.5.0 UP7 IF02 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Open Source Xen
Open Source
|
cpe:/o:xen:xen:-
|
— | |
|
IGEL OS
IGEL
|
cpe:/o:igel:os:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
AMD Prozessor Ryzen 4000
AMD / Prozessor
|
cpe:/h:amd:amd_processor:ryzen_4000
|
Ryzen 4000 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
AMD Prozessor Ryzen Threadripper 3000
AMD / Prozessor
|
cpe:/h:amd:amd_processor:ryzen_threadripper_3000
|
Ryzen Threadripper 3000 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
AMD Prozessor Ryzen 3000
AMD / Prozessor
|
cpe:/h:amd:amd_processor:ryzen_3000
|
Ryzen 3000 | |
|
AMD Prozessor Ryzen PRO 3000
AMD / Prozessor
|
cpe:/h:amd:amd_processor:ryzen_pro_3000
|
Ryzen PRO 3000 | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
AMD Prozessor Ryzen 7020
AMD / Prozessor
|
cpe:/h:amd:amd_processor:ryzen_7020
|
Ryzen 7020 | |
|
AMD Prozessor EPYC 7002
AMD / Prozessor
|
cpe:/h:amd:amd_processor:epyc_7002
|
EPYC 7002 | |
|
Dell PowerEdge <2.12.3
Dell / PowerEdge
|
<2.12.3 | ||
|
AMD Prozessor Ryzen 5000
AMD / Prozessor
|
cpe:/h:amd:amd_processor:ryzen_5000
|
Ryzen 5000 |
References
129 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle im AMD Prozessor ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1873 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1873.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1873 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1873"
},
{
"category": "external",
"summary": "AMD Security Bulletin - AMD-SB-7008 vom 2023-07-24",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html"
},
{
"category": "external",
"summary": "Citrix Hypervisor Security Update for AMD Zen2 Processors vulnerability - CTX566835",
"url": "https://support.citrix.com/article/CTX566835/citrix-hypervisor-security-update-for-cve202320593"
},
{
"category": "external",
"summary": "Lenovo Security Update for AMD Zen2 Vulnerability - LEN-130057",
"url": "https://support.lenovo.com/us/en/product_security/LEN-130057"
},
{
"category": "external",
"summary": "PoC",
"url": "https://lock.cmpxchg8b.com/zenbleed.html"
},
{
"category": "external",
"summary": "AMD Security Bulletin - AMD-SB-7008 vom 2023-07-24",
"url": "https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8"
},
{
"category": "external",
"summary": "Xen Security Advisory XSA-433",
"url": "https://xenbits.xen.org/xsa/advisory-433.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6244-1 vom 2023-07-25",
"url": "https://ubuntu.com/security/notices/USN-6244-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12654 vom 2023-07-26",
"url": "https://linux.oracle.com/errata/ELSA-2023-12654.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12655 vom 2023-07-26",
"url": "https://linux.oracle.com/errata/ELSA-2023-12655.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12656 vom 2023-07-26",
"url": "https://linux.oracle.com/errata/ELSA-2023-12656.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12657 vom 2023-07-26",
"url": "https://linux.oracle.com/errata/ELSA-2023-12657.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5459 vom 2023-07-27",
"url": "https://www.debian.org/security/2023/dsa-5459"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2986-1 vom 2023-07-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015670.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3001-1 vom 2023-07-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015679.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3508 vom 2023-07-27",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3006-1 vom 2023-07-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015680.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5462 vom 2023-07-30",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00154.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3019-1 vom 2023-07-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015692.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5461 vom 2023-07-30",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00153.html"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2023-15 vom 2023-07-28",
"url": "https://kb.igel.com/securitysafety/en/isn-2023-15-zenbleed-vulnerability-90234080.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3022-1 vom 2023-07-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015689.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3020-1 vom 2023-07-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015691.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12690 vom 2023-07-31",
"url": "https://linux.oracle.com/errata/ELSA-2023-12690.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12691 vom 2023-07-31",
"url": "https://linux.oracle.com/errata/ELSA-2023-12691.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3511 vom 2023-07-31",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12689 vom 2023-07-31",
"url": "https://linux.oracle.com/errata/ELSA-2023-12689.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12692 vom 2023-07-31",
"url": "https://linux.oracle.com/errata/ELSA-2023-12692.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-260668B8B9 vom 2023-07-31",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-260668b8b9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-38F0879EF3 vom 2023-07-31",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-38f0879ef3"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3512 vom 2023-08-02",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3172-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015771.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3171-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015772.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3182-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015778.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3180-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015780.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3206-1 vom 2023-08-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015795.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-209 vom 2023-08-08",
"url": "https://www.dell.com/support/kbdoc/de-de/000216119/dsa-2023-209-security-update-for-dell-amd-based-poweredge-server-vulnerabilities"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2190 vom 2023-08-09",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2190.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2023-025 vom 2023-08-10",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2023-025.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2023-050 vom 2023-08-10",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2023-050.html"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf04504en_us"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-04473FC41E vom 2023-08-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-04473fc41e"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3302-1 vom 2023-08-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015894.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3318-1 vom 2023-08-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015905.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3324-1 vom 2023-08-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015910.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3333-1 vom 2023-08-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015911.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3349-1 vom 2023-08-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015945.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4696 vom 2023-08-22",
"url": "https://access.redhat.com/errata/RHSA-2023:4696"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4699 vom 2023-08-22",
"url": "https://access.redhat.com/errata/RHSA-2023:4699"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3395-1 vom 2023-08-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016013.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3391-1 vom 2023-08-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3390-1 vom 2023-08-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015998.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3392-1 vom 2023-08-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015997.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3421-1 vom 2023-08-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016021.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3446-1 vom 2023-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016031.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3447-1 vom 2023-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016030.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6317-1 vom 2023-08-30",
"url": "https://ubuntu.com/security/notices/USN-6317-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4789 vom 2023-08-29",
"url": "https://access.redhat.com/errata/RHSA-2023:4789"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4819 vom 2023-08-29",
"url": "https://access.redhat.com/errata/RHSA-2023:4819"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6315-1 vom 2023-08-29",
"url": "https://ubuntu.com/security/notices/USN-6315-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4821 vom 2023-08-29",
"url": "https://access.redhat.com/errata/RHSA-2023:4821"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6316-1 vom 2023-08-30",
"url": "https://ubuntu.com/security/notices/USN-6316-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6318-1 vom 2023-08-30",
"url": "https://ubuntu.com/security/notices/USN-6318-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6321-1 vom 2023-08-30",
"url": "https://ubuntu.com/security/notices/USN-6321-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3495-1 vom 2023-08-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016050.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3494-1 vom 2023-08-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016051.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3496-1 vom 2023-08-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016049.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6330-1 vom 2023-09-01",
"url": "https://ubuntu.com/security/notices/USN-6330-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6325-1 vom 2023-08-31",
"url": "https://ubuntu.com/security/notices/USN-6325-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6324-1 vom 2023-08-31",
"url": "https://ubuntu.com/security/notices/USN-6324-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6332-1 vom 2023-09-01",
"url": "https://ubuntu.com/security/notices/USN-6332-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6331-1 vom 2023-09-01",
"url": "https://ubuntu.com/security/notices/USN-6331-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6329-1 vom 2023-09-01",
"url": "https://ubuntu.com/security/notices/USN-6329-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6328-1 vom 2023-09-01",
"url": "https://ubuntu.com/security/notices/USN-6328-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-4819 vom 2023-08-31",
"url": "https://linux.oracle.com/errata/ELSA-2023-4819.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6342-1 vom 2023-09-06",
"url": "https://ubuntu.com/security/notices/USN-6342-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6346-1 vom 2023-09-06",
"url": "https://ubuntu.com/security/notices/USN-6346-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6348-1 vom 2023-09-06",
"url": "https://ubuntu.com/security/notices/USN-6348-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6342-2 vom 2023-09-09",
"url": "https://ubuntu.com/security/notices/USN-6342-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6357-1 vom 2023-09-11",
"url": "https://ubuntu.com/security/notices/USN-6357-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5068 vom 2023-09-12",
"url": "https://access.redhat.com/errata/RHSA-2023:5068"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6385-1 vom 2023-09-19",
"url": "https://ubuntu.com/security/notices/USN-6385-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5244 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5244"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5245 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5245"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5255 vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5255"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5244 vom 2023-09-21",
"url": "https://linux.oracle.com/errata/ELSA-2023-5244.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12836 vom 2023-09-25",
"url": "https://linux.oracle.com/errata/ELSA-2023-12836.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6397-1 vom 2023-09-26",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023092652"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3902-1 vom 2023-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016466.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3895-1 vom 2023-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016463.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3903-1 vom 2023-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016465.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-12839 vom 2023-09-29",
"url": "http://linux.oracle.com/errata/ELSA-2023-12839.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3894-1 vom 2023-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016464.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5419 vom 2023-10-03",
"url": "https://access.redhat.com/errata/RHSA-2023:5419"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5591 vom 2023-10-11",
"url": "https://access.redhat.com/errata/RHSA-2023:5591"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5607 vom 2023-10-11",
"url": "https://access.redhat.com/errata/RHSA-2023:5607"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-5068 vom 2023-10-25",
"url": "https://linux.oracle.com/errata/ELSA-2023-5068.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7070736 vom 2023-11-10",
"url": "https://www.ibm.com/support/pages/node/7070736"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7244 vom 2023-11-16",
"url": "https://access.redhat.com/errata/RHSA-2023:7244"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7401 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7401"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7389 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7389"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7382 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7382"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7513 vom 2023-11-27",
"url": "https://access.redhat.com/errata/RHSA-2023:7513"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7551 vom 2023-11-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7551"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7557 vom 2023-11-29",
"url": "https://access.redhat.com/errata/RHSA-2023:7557"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6532-1 vom 2023-12-06",
"url": "https://ubuntu.com/security/notices/USN-6532-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7665 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7665"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7782 vom 2023-12-13",
"url": "https://access.redhat.com/errata/RHSA-2023:7782"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-7749 vom 2023-12-22",
"url": "https://linux.oracle.com/errata/ELSA-2023-7749.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2023:7513 vom 2024-01-12",
"url": "https://lists.centos.org/pipermail/centos-announce/2024-January/099179.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0402 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0402"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0403 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0403"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0561 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0561"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0885-1 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018178.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0884-1 vom 2024-03-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018179.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-027 vom 2024-04-09",
"url": "https://www.dell.com/support/kbdoc/de-de/000216151/dsa-2023-272"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBHF03947 vom 2024-06-07",
"url": "https://support.hp.com/us-en/document/ish_10803022-10803051-16/HPSBHF03947"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14797-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RLB6EQ4PQFULA6326VPRQRWW66T32SST/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14775-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IDYBISXNIKR4JQNKOAZNM4IWBORGXDGT/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14776-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VY6LKWXFA5DZKFFJWA52HJLZ3GJXUDB/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14796-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/JRVYJFDMGL4ZFIAYJKJTQHRR5SPMPZJ2/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14777-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/K4CQIJEA5UAOBWUSUVTBHDHKQNBQURQG/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14791-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7ILZHMVR4NNCE6NWCEPZ2BVWZXYSWRTS/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14778-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E3XCURBMJRRPRVU3EVKDNACDUEBSYOCK/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14800-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XIORKETHKWBJRRYF55G3J3DL3T7QGOEL/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14770-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WU6USOH6Z5LBH65E37F7SXQ2ZCYMYO4C/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14787-1 vom 2025-02-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FWMIURVH3RGSXYDDHGU2A5NU4OI3OLPB/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14804-1 vom 2025-02-14",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EISBLM6MW64JFKX5G6QNSKXKI34QXKQ4/"
}
],
"source_lang": "en-US",
"title": "AMD Prozessor: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2025-02-16T23:00:00.000+00:00",
"generator": {
"date": "2025-02-17T09:16:39.596+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-1873",
"initial_release_date": "2023-07-24T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-24T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-07-26T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux, Debian und SUSE aufgenommen"
},
{
"date": "2023-07-27T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2023-07-30T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian, SUSE und IGEL aufgenommen"
},
{
"date": "2023-07-31T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux, Debian und Fedora aufgenommen"
},
{
"date": "2023-08-02T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-08-03T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-07T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-08T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-08-09T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-08-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2023-08-13T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-08-15T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-16T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-17T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-22T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-23T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-24T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-28T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-29T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2023-08-30T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2023-08-31T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2023-09-05T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-09-06T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-09-10T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-09-11T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-09-12T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-19T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2023-09-20T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-09-25T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-09-26T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-10-01T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-10T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-11-12T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-15T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-27T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-28T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-05T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-12-06T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-13T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-14T23:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-30T23:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-09T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-02-16T23:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "53"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Ryzen 3000",
"product": {
"name": "AMD Prozessor Ryzen 3000",
"product_id": "T028864",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:ryzen_3000"
}
}
},
{
"category": "product_version",
"name": "Ryzen PRO 3000",
"product": {
"name": "AMD Prozessor Ryzen PRO 3000",
"product_id": "T028865",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:ryzen_pro_3000"
}
}
},
{
"category": "product_version",
"name": "Ryzen Threadripper 3000",
"product": {
"name": "AMD Prozessor Ryzen Threadripper 3000",
"product_id": "T028867",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:ryzen_threadripper_3000"
}
}
},
{
"category": "product_version",
"name": "Ryzen 4000",
"product": {
"name": "AMD Prozessor Ryzen 4000",
"product_id": "T028869",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:ryzen_4000"
}
}
},
{
"category": "product_version",
"name": "Ryzen PRO 4000",
"product": {
"name": "AMD Prozessor Ryzen PRO 4000",
"product_id": "T028870",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:ryzen_pro_4000"
}
}
},
{
"category": "product_version",
"name": "Ryzen 5000",
"product": {
"name": "AMD Prozessor Ryzen 5000",
"product_id": "T028872",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:ryzen_5000"
}
}
},
{
"category": "product_version",
"name": "Ryzen 7020",
"product": {
"name": "AMD Prozessor Ryzen 7020",
"product_id": "T028873",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:ryzen_7020"
}
}
},
{
"category": "product_version",
"name": "EPYC 7002",
"product": {
"name": "AMD Prozessor EPYC 7002",
"product_id": "T028874",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:epyc_7002"
}
}
}
],
"category": "product_name",
"name": "Prozessor"
}
],
"category": "vendor",
"name": "AMD"
},
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Vostro 15 3535",
"product": {
"name": "Dell Computer Vostro 15 3535",
"product_id": "T033986",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:vostro_15_3535"
}
}
}
],
"category": "product_name",
"name": "Computer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.12.3",
"product": {
"name": "Dell PowerEdge \u003c2.12.3",
"product_id": "T029125"
}
},
{
"category": "product_version",
"name": "2.12.3",
"product": {
"name": "Dell PowerEdge 2.12.3",
"product_id": "T029125-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:dell:poweredge:2.12.3"
}
}
}
],
"category": "product_name",
"name": "PowerEdge"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "HP Computer",
"product": {
"name": "HP Computer",
"product_id": "T032786",
"product_identification_helper": {
"cpe": "cpe:/h:hp:computer:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE ProLiant",
"product": {
"name": "HPE ProLiant",
"product_id": "T027712",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP7 IF02",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP7 IF02",
"product_id": "T031043"
}
},
{
"category": "product_version",
"name": "7.5.0 UP7 IF02",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP7 IF02",
"product_id": "T031043-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up7_if02"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS",
"product": {
"name": "IGEL OS",
"product_id": "T017865",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source Xen",
"product": {
"name": "Open Source Xen",
"product_id": "T000611",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-20593",
"product_status": {
"known_affected": [
"T032786",
"T028870",
"T033986",
"67646",
"T004914",
"T031043",
"74185",
"2951",
"T002207",
"T000611",
"T017865",
"T000126",
"T028869",
"T027843",
"T027712",
"T028867",
"398363",
"T028864",
"T028865",
"1727",
"T028873",
"T028874",
"T029125",
"T028872"
]
},
"release_date": "2023-07-24T22:00:00.000+00:00",
"title": "CVE-2023-20593"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…