[SUSE-SU-2022:3665-1] Security update for xen
Severity
Important
Affected Packages
16
CVEs
8
Security update for xen
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394).
CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
Bugfixes:
Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).
Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081).
Included upstream bugfixes (bsc#1027519).
- ID
- SUSE-SU-2022:3665-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20223665-1/
- Published
-
2022-10-19T18:29:23
(23 months ago) - Modified
-
2022-10-19T18:29:23
(23 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2022-1624
- ALAS2-2022-1825
- ALPINE:CVE-2022-26365
- ALPINE:CVE-2022-33740
- ALPINE:CVE-2022-33741
- ALPINE:CVE-2022-33742
- ALPINE:CVE-2022-33745
- ALPINE:CVE-2022-33746
- ALPINE:CVE-2022-33748
- DSA-5191-1
- DSA-5272-1
- FEDORA-2022-2c9f8224f8
- FEDORA-2022-4f7cd241e2
- FEDORA-2022-5b594b82ac
- FEDORA-2022-99af00f60e
- FEDORA-2022-a0d7a5eaf2
- FEDORA-2022-c4ec706488
- FEDORA-2022-d80cc73088
- GLSA-202402-07
- SSA:2022-237-02
- SUSE-SU-2021:1648-1
- SUSE-SU-2022:2377-1
- SUSE-SU-2022:2382-1
- SUSE-SU-2022:2393-1
- SUSE-SU-2022:2407-1
- SUSE-SU-2022:2411-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2557-1
- SUSE-SU-2022:2560-1
- SUSE-SU-2022:2569-1
- SUSE-SU-2022:2574-1
- SUSE-SU-2022:2591-1
- SUSE-SU-2022:2597-1
- SUSE-SU-2022:2599-1
- SUSE-SU-2022:2599-2
- SUSE-SU-2022:2600-1
- SUSE-SU-2022:2601-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:2721-1
- SUSE-SU-2022:2741-1
- SUSE-SU-2022:2809-1
- SUSE-SU-2022:2840-1
- SUSE-SU-2022:2875-1
- SUSE-SU-2022:2875-2
- SUSE-SU-2022:2892-1
- SUSE-SU-2022:2892-2
- SUSE-SU-2022:3727-1
- SUSE-SU-2022:3728-1
- SUSE-SU-2022:3925-1
- SUSE-SU-2022:3928-1
- SUSE-SU-2022:3947-1
- SUSE-SU-2022:3971-1
- SUSE-SU-2022:4007-1
- SUSE-SU-2022:4051-1
- SUSE-SU-2022:4241-1
- USN-5572-1
- USN-5572-2
- USN-5579-1
- USN-5623-1
- USN-5624-1
- USN-5633-1
- USN-5635-1
- USN-5640-1
- USN-5644-1
- USN-5648-1
- USN-5655-1
- USN-5668-1
- USN-5669-1
- USN-5669-2
- USN-5677-1
- USN-5678-1
- USN-5679-1
- USN-5682-1
- USN-5683-1
- USN-5684-1
- USN-5687-1
- USN-5695-1
- USN-5706-1
- USN-5773-1
- USN-5789-1
- XSA-370
- XSA-403
- XSA-408
- XSA-410
- XSA-411
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/xen?arch=x86_64&distro=opensuse-leap-15.3 | suse | xen | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/xen?arch=aarch64&distro=opensuse-leap-15.3 | suse | xen | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | aarch64 | |
Affected | pkg:rpm/suse/xen-tools?arch=x86_64&distro=opensuse-leap-15.3 | suse | xen-tools | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/xen-tools?arch=aarch64&distro=opensuse-leap-15.3 | suse | xen-tools | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | aarch64 | |
Affected | pkg:rpm/suse/xen-tools-xendomains-wait-disk?arch=noarch&distro=opensuse-leap-15.3 | suse | xen-tools-xendomains-wait-disk | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | noarch | |
Affected | pkg:rpm/suse/xen-tools-domU?arch=x86_64&distro=opensuse-leap-15.3 | suse | xen-tools-domU | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/xen-tools-domU?arch=aarch64&distro=opensuse-leap-15.3 | suse | xen-tools-domU | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | aarch64 | |
Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=slem-5 | suse | xen-libs | < 4.14.5_06-150300.3.35.1 | slem-5 | x86_64 | |
Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-micro-5.2 | suse | xen-libs | < 4.14.5_06-150300.3.35.1 | opensuse-leap-micro-5.2 | x86_64 | |
Affected | pkg:rpm/suse/xen-libs?arch=x86_64&distro=opensuse-leap-15.3 | suse | xen-libs | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/xen-libs?arch=aarch64&distro=opensuse-leap-15.3 | suse | xen-libs | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | aarch64 | |
Affected | pkg:rpm/suse/xen-libs-32bit?arch=x86_64&distro=opensuse-leap-15.3 | suse | xen-libs-32bit | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/xen-doc-html?arch=x86_64&distro=opensuse-leap-15.3 | suse | xen-doc-html | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/xen-doc-html?arch=aarch64&distro=opensuse-leap-15.3 | suse | xen-doc-html | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | aarch64 | |
Affected | pkg:rpm/suse/xen-devel?arch=x86_64&distro=opensuse-leap-15.3 | suse | xen-devel | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/xen-devel?arch=aarch64&distro=opensuse-leap-15.3 | suse | xen-devel | < 4.14.5_06-150300.3.35.1 | opensuse-leap-15.3 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |