Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-23816 (GCVE-0-2022-23816)
Vulnerability from cvelistv5 – Published: – Updated: 2023-01-17 00:00
VLAI
EPSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23816",
"dateRejected": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2023-01-17T00:00:00.000Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-23816\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2023-01-17T06:15:10.663\",\"lastModified\":\"2023-11-07T03:44:19.220\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.\"}],\"metrics\":{},\"references\":[]}}"
}
}
SUSE-SU-2022:2597-1
Vulnerability from csaf_suse - Published: 2022-07-29 14:12 - Updated: 2022-07-29 14:12Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Patchnames: SUSE-2022-2597,SUSE-SLE-Module-Basesystem-15-SP4-2022-2597,SUSE-SLE-Module-Server-Applications-15-SP4-2022-2597,openSUSE-SLE-15.4-2022-2597
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).\n- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).\n- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).\n- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).\n- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).\n\nFixed several upstream bugs (bsc#1027519). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2597,SUSE-SLE-Module-Basesystem-15-SP4-2022-2597,SUSE-SLE-Module-Server-Applications-15-SP4-2022-2597,openSUSE-SLE-15.4-2022-2597",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2597-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2597-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222597-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2597-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011715.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1199965",
"url": "https://bugzilla.suse.com/1199965"
},
{
"category": "self",
"summary": "SUSE Bug 1199966",
"url": "https://bugzilla.suse.com/1199966"
},
{
"category": "self",
"summary": "SUSE Bug 1200549",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "self",
"summary": "SUSE Bug 1201394",
"url": "https://bugzilla.suse.com/1201394"
},
{
"category": "self",
"summary": "SUSE Bug 1201469",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21166 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26362 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26363 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26364 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33745/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2022-07-29T14:12:11Z",
"generator": {
"date": "2022-07-29T14:12:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2597-1",
"initial_release_date": "2022-07-29T14:12:11Z",
"revision_history": [
{
"date": "2022-07-29T14:12:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.1_06-150400.4.8.1.aarch64",
"product": {
"name": "xen-4.16.1_06-150400.4.8.1.aarch64",
"product_id": "xen-4.16.1_06-150400.4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"product": {
"name": "xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"product_id": "xen-devel-4.16.1_06-150400.4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"product": {
"name": "xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"product_id": "xen-doc-html-4.16.1_06-150400.4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"product": {
"name": "xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"product_id": "xen-libs-4.16.1_06-150400.4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"product": {
"name": "xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"product_id": "xen-tools-4.16.1_06-150400.4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"product": {
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"product_id": "xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.16.1_06-150400.4.8.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.16.1_06-150400.4.8.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.16.1_06-150400.4.8.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.16.1_06-150400.4.8.1.i586",
"product": {
"name": "xen-devel-4.16.1_06-150400.4.8.1.i586",
"product_id": "xen-devel-4.16.1_06-150400.4.8.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.1_06-150400.4.8.1.i586",
"product": {
"name": "xen-libs-4.16.1_06-150400.4.8.1.i586",
"product_id": "xen-libs-4.16.1_06-150400.4.8.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.i586",
"product": {
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.i586",
"product_id": "xen-tools-domU-4.16.1_06-150400.4.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.1_06-150400.4.8.1.x86_64",
"product": {
"name": "xen-4.16.1_06-150400.4.8.1.x86_64",
"product_id": "xen-4.16.1_06-150400.4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"product": {
"name": "xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"product_id": "xen-devel-4.16.1_06-150400.4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"product": {
"name": "xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"product_id": "xen-doc-html-4.16.1_06-150400.4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"product": {
"name": "xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"product_id": "xen-libs-4.16.1_06-150400.4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"product_id": "xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"product": {
"name": "xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"product_id": "xen-tools-4.16.1_06-150400.4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"product": {
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"product_id": "xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.1_06-150400.4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.16.1_06-150400.4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.16.1_06-150400.4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.16.1_06-150400.4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.16.1_06-150400.4.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64"
},
"product_reference": "xen-4.16.1_06-150400.4.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.16.1_06-150400.4.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.16.1_06-150400.4.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64"
},
"product_reference": "xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.16.1_06-150400.4.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.16.1_06-150400.4.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64"
},
"product_reference": "xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.16.1_06-150400.4.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.1_06-150400.4.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64"
},
"product_reference": "xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.1_06-150400.4.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.16.1_06-150400.4.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64"
},
"product_reference": "xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.16.1_06-150400.4.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64"
},
"product_reference": "xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64"
},
"product_reference": "xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21123"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21123",
"url": "https://www.suse.com/security/cve/CVE-2022-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209075 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1209075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21125"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21125",
"url": "https://www.suse.com/security/cve/CVE-2022-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209074 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1209074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21166"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21166",
"url": "https://www.suse.com/security/cve/CVE-2022-21166"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209073 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1209073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-23816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23816"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23816",
"url": "https://www.suse.com/security/cve/CVE-2022-23816"
},
{
"category": "external",
"summary": "SUSE Bug 1201456 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201456"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-23825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23825"
}
],
"notes": [
{
"category": "general",
"text": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23825",
"url": "https://www.suse.com/security/cve/CVE-2022-23825"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1205209 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1205209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2022-26362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26362"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26362",
"url": "https://www.suse.com/security/cve/CVE-2022-26362"
},
{
"category": "external",
"summary": "SUSE Bug 1199965 for CVE-2022-26362",
"url": "https://bugzilla.suse.com/1199965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "important"
}
],
"title": "CVE-2022-26362"
},
{
"cve": "CVE-2022-26363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26363"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26363",
"url": "https://www.suse.com/security/cve/CVE-2022-26363"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26363",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "important"
}
],
"title": "CVE-2022-26363"
},
{
"cve": "CVE-2022-26364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26364"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26364",
"url": "https://www.suse.com/security/cve/CVE-2022-26364"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26364",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "important"
}
],
"title": "CVE-2022-26364"
},
{
"cve": "CVE-2022-29900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29900"
}
],
"notes": [
{
"category": "general",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29900",
"url": "https://www.suse.com/security/cve/CVE-2022-29900"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-33745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33745"
}
],
"notes": [
{
"category": "general",
"text": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33745",
"url": "https://www.suse.com/security/cve/CVE-2022-33745"
},
{
"category": "external",
"summary": "SUSE Bug 1201394 for CVE-2022-33745",
"url": "https://bugzilla.suse.com/1201394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-devel-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-doc-html-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-32bit-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-libs-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.aarch64",
"openSUSE Leap 15.4:xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64",
"openSUSE Leap 15.4:xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:12:11Z",
"details": "important"
}
],
"title": "CVE-2022-33745"
}
]
}
SUSE-SU-2022:2599-1
Vulnerability from csaf_suse - Published: 2022-07-29 14:13 - Updated: 2022-07-29 14:13Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Patchnames: SUSE-2022-2599,SUSE-SLE-Module-Basesystem-15-SP3-2022-2599,SUSE-SLE-Module-Server-Applications-15-SP3-2022-2599,SUSE-SUSE-MicroOS-5.1-2022-2599,SUSE-SUSE-MicroOS-5.2-2022-2599,openSUSE-SLE-15.3-2022-2599
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).\n- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).\n- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).\n- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).\n- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).\n\nFixed several upstream bugs (bsc#1027519). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2599,SUSE-SLE-Module-Basesystem-15-SP3-2022-2599,SUSE-SLE-Module-Server-Applications-15-SP3-2022-2599,SUSE-SUSE-MicroOS-5.1-2022-2599,SUSE-SUSE-MicroOS-5.2-2022-2599,openSUSE-SLE-15.3-2022-2599",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2599-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2599-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222599-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2599-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011718.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1199965",
"url": "https://bugzilla.suse.com/1199965"
},
{
"category": "self",
"summary": "SUSE Bug 1199966",
"url": "https://bugzilla.suse.com/1199966"
},
{
"category": "self",
"summary": "SUSE Bug 1200549",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "self",
"summary": "SUSE Bug 1201394",
"url": "https://bugzilla.suse.com/1201394"
},
{
"category": "self",
"summary": "SUSE Bug 1201469",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21166 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26362 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26363 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26364 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33745/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2022-07-29T14:13:25Z",
"generator": {
"date": "2022-07-29T14:13:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2599-1",
"initial_release_date": "2022-07-29T14:13:25Z",
"revision_history": [
{
"date": "2022-07-29T14:13:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-devel-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-libs-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-tools-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.14.5_04-150300.3.32.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.14.5_04-150300.3.32.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.14.5_04-150300.3.32.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.14.5_04-150300.3.32.1.i586",
"product": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.i586",
"product_id": "xen-devel-4.14.5_04-150300.3.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.5_04-150300.3.32.1.i586",
"product": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.i586",
"product_id": "xen-libs-4.14.5_04-150300.3.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.i586",
"product": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.i586",
"product_id": "xen-tools-domU-4.14.5_04-150300.3.32.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-devel-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-libs-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-tools-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.5_04-150300.3.32.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.5_04-150300.3.32.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.5_04-150300.3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64"
},
"product_reference": "xen-4.14.5_04-150300.3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64"
},
"product_reference": "xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64"
},
"product_reference": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64"
},
"product_reference": "xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.5_04-150300.3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64"
},
"product_reference": "xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64"
},
"product_reference": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21123"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21123",
"url": "https://www.suse.com/security/cve/CVE-2022-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209075 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1209075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "moderate"
}
],
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21125"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21125",
"url": "https://www.suse.com/security/cve/CVE-2022-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209074 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1209074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "moderate"
}
],
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21166"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21166",
"url": "https://www.suse.com/security/cve/CVE-2022-21166"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209073 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1209073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "moderate"
}
],
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-23816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23816"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23816",
"url": "https://www.suse.com/security/cve/CVE-2022-23816"
},
{
"category": "external",
"summary": "SUSE Bug 1201456 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201456"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "moderate"
}
],
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-23825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23825"
}
],
"notes": [
{
"category": "general",
"text": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23825",
"url": "https://www.suse.com/security/cve/CVE-2022-23825"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1205209 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1205209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "moderate"
}
],
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2022-26362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26362"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26362",
"url": "https://www.suse.com/security/cve/CVE-2022-26362"
},
{
"category": "external",
"summary": "SUSE Bug 1199965 for CVE-2022-26362",
"url": "https://bugzilla.suse.com/1199965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "important"
}
],
"title": "CVE-2022-26362"
},
{
"cve": "CVE-2022-26363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26363"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26363",
"url": "https://www.suse.com/security/cve/CVE-2022-26363"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26363",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "important"
}
],
"title": "CVE-2022-26363"
},
{
"cve": "CVE-2022-26364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26364"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26364",
"url": "https://www.suse.com/security/cve/CVE-2022-26364"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26364",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "important"
}
],
"title": "CVE-2022-26364"
},
{
"cve": "CVE-2022-29900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29900"
}
],
"notes": [
{
"category": "general",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29900",
"url": "https://www.suse.com/security/cve/CVE-2022-29900"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "moderate"
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-33745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33745"
}
],
"notes": [
{
"category": "general",
"text": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33745",
"url": "https://www.suse.com/security/cve/CVE-2022-33745"
},
{
"category": "external",
"summary": "SUSE Bug 1201394 for CVE-2022-33745",
"url": "https://bugzilla.suse.com/1201394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"openSUSE Leap 15.3:xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:25Z",
"details": "important"
}
],
"title": "CVE-2022-33745"
}
]
}
SUSE-SU-2022:2599-2
Vulnerability from csaf_suse - Published: 2022-07-29 14:13 - Updated: 2022-07-29 14:13Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Patchnames: SUSE-2022-2599,openSUSE-Leap-Micro-5.2-2022-2599
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).\n- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).\n- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).\n- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).\n- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).\n\nFixed several upstream bugs (bsc#1027519). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2599,openSUSE-Leap-Micro-5.2-2022-2599",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2599-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2599-2",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222599-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2599-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012059.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1199965",
"url": "https://bugzilla.suse.com/1199965"
},
{
"category": "self",
"summary": "SUSE Bug 1199966",
"url": "https://bugzilla.suse.com/1199966"
},
{
"category": "self",
"summary": "SUSE Bug 1200549",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "self",
"summary": "SUSE Bug 1201394",
"url": "https://bugzilla.suse.com/1201394"
},
{
"category": "self",
"summary": "SUSE Bug 1201469",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21166 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26362 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26363 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26364 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33745/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2022-07-29T14:13:30Z",
"generator": {
"date": "2022-07-29T14:13:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2599-2",
"initial_release_date": "2022-07-29T14:13:30Z",
"revision_history": [
{
"date": "2022-07-29T14:13:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-devel-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-doc-html-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-libs-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-tools-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-tools-4.14.5_04-150300.3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"product": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64",
"product_id": "xen-tools-domU-4.14.5_04-150300.3.32.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.14.5_04-150300.3.32.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.14.5_04-150300.3.32.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.14.5_04-150300.3.32.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.14.5_04-150300.3.32.1.i586",
"product": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.i586",
"product_id": "xen-devel-4.14.5_04-150300.3.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.5_04-150300.3.32.1.i586",
"product": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.i586",
"product_id": "xen-libs-4.14.5_04-150300.3.32.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.i586",
"product": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.i586",
"product_id": "xen-tools-domU-4.14.5_04-150300.3.32.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-devel-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-devel-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-doc-html-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-libs-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-libs-32bit-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-tools-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-tools-4.14.5_04-150300.3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"product": {
"name": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64",
"product_id": "xen-tools-domU-4.14.5_04-150300.3.32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.5_04-150300.3.32.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
},
"product_reference": "xen-libs-4.14.5_04-150300.3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21123"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21123",
"url": "https://www.suse.com/security/cve/CVE-2022-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209075 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1209075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21125"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21125",
"url": "https://www.suse.com/security/cve/CVE-2022-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209074 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1209074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21166"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21166",
"url": "https://www.suse.com/security/cve/CVE-2022-21166"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209073 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1209073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-23816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23816"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23816",
"url": "https://www.suse.com/security/cve/CVE-2022-23816"
},
{
"category": "external",
"summary": "SUSE Bug 1201456 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201456"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-23825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23825"
}
],
"notes": [
{
"category": "general",
"text": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23825",
"url": "https://www.suse.com/security/cve/CVE-2022-23825"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1205209 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1205209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2022-26362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26362"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26362",
"url": "https://www.suse.com/security/cve/CVE-2022-26362"
},
{
"category": "external",
"summary": "SUSE Bug 1199965 for CVE-2022-26362",
"url": "https://bugzilla.suse.com/1199965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "important"
}
],
"title": "CVE-2022-26362"
},
{
"cve": "CVE-2022-26363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26363"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26363",
"url": "https://www.suse.com/security/cve/CVE-2022-26363"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26363",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "important"
}
],
"title": "CVE-2022-26363"
},
{
"cve": "CVE-2022-26364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26364"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26364",
"url": "https://www.suse.com/security/cve/CVE-2022-26364"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26364",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "important"
}
],
"title": "CVE-2022-26364"
},
{
"cve": "CVE-2022-29900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29900"
}
],
"notes": [
{
"category": "general",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29900",
"url": "https://www.suse.com/security/cve/CVE-2022-29900"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-33745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33745"
}
],
"notes": [
{
"category": "general",
"text": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33745",
"url": "https://www.suse.com/security/cve/CVE-2022-33745"
},
{
"category": "external",
"summary": "SUSE Bug 1201394 for CVE-2022-33745",
"url": "https://bugzilla.suse.com/1201394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap Micro 5.2:xen-libs-4.14.5_04-150300.3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:30Z",
"details": "important"
}
],
"title": "CVE-2022-33745"
}
]
}
SUSE-SU-2022:2600-1
Vulnerability from csaf_suse - Published: 2022-07-29 14:13 - Updated: 2022-07-29 14:13Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Patchnames: SUSE-2022-2600,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2600,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2600,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2600,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2600,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2600,SUSE-Storage-6-2022-2600
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
50 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).\n- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).\n- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).\n- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).\n- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2600,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2600,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2600,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2600,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2600,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2600,SUSE-Storage-6-2022-2600",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2600-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2600-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222600-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2600-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011720.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199965",
"url": "https://bugzilla.suse.com/1199965"
},
{
"category": "self",
"summary": "SUSE Bug 1199966",
"url": "https://bugzilla.suse.com/1199966"
},
{
"category": "self",
"summary": "SUSE Bug 1200549",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "self",
"summary": "SUSE Bug 1201394",
"url": "https://bugzilla.suse.com/1201394"
},
{
"category": "self",
"summary": "SUSE Bug 1201469",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21166 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26362 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26363 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26364 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33745/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2022-07-29T14:13:54Z",
"generator": {
"date": "2022-07-29T14:13:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2600-1",
"initial_release_date": "2022-07-29T14:13:54Z",
"revision_history": [
{
"date": "2022-07-29T14:13:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_26-150100.3.75.1.aarch64",
"product": {
"name": "xen-4.12.4_26-150100.3.75.1.aarch64",
"product_id": "xen-4.12.4_26-150100.3.75.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_26-150100.3.75.1.aarch64",
"product": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.aarch64",
"product_id": "xen-devel-4.12.4_26-150100.3.75.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_26-150100.3.75.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.4_26-150100.3.75.1.aarch64",
"product_id": "xen-doc-html-4.12.4_26-150100.3.75.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_26-150100.3.75.1.aarch64",
"product": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.aarch64",
"product_id": "xen-libs-4.12.4_26-150100.3.75.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_26-150100.3.75.1.aarch64",
"product": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.aarch64",
"product_id": "xen-tools-4.12.4_26-150100.3.75.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.aarch64",
"product_id": "xen-tools-domU-4.12.4_26-150100.3.75.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.4_26-150100.3.75.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.4_26-150100.3.75.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.4_26-150100.3.75.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_26-150100.3.75.1.i586",
"product": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.i586",
"product_id": "xen-devel-4.12.4_26-150100.3.75.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_26-150100.3.75.1.i586",
"product": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.i586",
"product_id": "xen-libs-4.12.4_26-150100.3.75.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.i586",
"product": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.i586",
"product_id": "xen-tools-domU-4.12.4_26-150100.3.75.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_26-150100.3.75.1.x86_64",
"product": {
"name": "xen-4.12.4_26-150100.3.75.1.x86_64",
"product_id": "xen-4.12.4_26-150100.3.75.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"product": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"product_id": "xen-devel-4.12.4_26-150100.3.75.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_26-150100.3.75.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_26-150100.3.75.1.x86_64",
"product_id": "xen-doc-html-4.12.4_26-150100.3.75.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"product": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"product_id": "xen-libs-4.12.4_26-150100.3.75.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_26-150100.3.75.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_26-150100.3.75.1.x86_64",
"product_id": "xen-libs-32bit-4.12.4_26-150100.3.75.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"product": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"product_id": "xen-tools-4.12.4_26-150100.3.75.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"product_id": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21123"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21123",
"url": "https://www.suse.com/security/cve/CVE-2022-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209075 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1209075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "moderate"
}
],
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21125"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21125",
"url": "https://www.suse.com/security/cve/CVE-2022-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209074 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1209074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "moderate"
}
],
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21166"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21166",
"url": "https://www.suse.com/security/cve/CVE-2022-21166"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209073 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1209073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "moderate"
}
],
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-23816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23816"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23816",
"url": "https://www.suse.com/security/cve/CVE-2022-23816"
},
{
"category": "external",
"summary": "SUSE Bug 1201456 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201456"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "moderate"
}
],
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-23825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23825"
}
],
"notes": [
{
"category": "general",
"text": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23825",
"url": "https://www.suse.com/security/cve/CVE-2022-23825"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1205209 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1205209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "moderate"
}
],
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2022-26362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26362"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26362",
"url": "https://www.suse.com/security/cve/CVE-2022-26362"
},
{
"category": "external",
"summary": "SUSE Bug 1199965 for CVE-2022-26362",
"url": "https://bugzilla.suse.com/1199965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "important"
}
],
"title": "CVE-2022-26362"
},
{
"cve": "CVE-2022-26363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26363"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26363",
"url": "https://www.suse.com/security/cve/CVE-2022-26363"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26363",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "important"
}
],
"title": "CVE-2022-26363"
},
{
"cve": "CVE-2022-26364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26364"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26364",
"url": "https://www.suse.com/security/cve/CVE-2022-26364"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26364",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "important"
}
],
"title": "CVE-2022-26364"
},
{
"cve": "CVE-2022-29900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29900"
}
],
"notes": [
{
"category": "general",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29900",
"url": "https://www.suse.com/security/cve/CVE-2022-29900"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "moderate"
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-33745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33745"
}
],
"notes": [
{
"category": "general",
"text": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33745",
"url": "https://www.suse.com/security/cve/CVE-2022-33745"
},
{
"category": "external",
"summary": "SUSE Bug 1201394 for CVE-2022-33745",
"url": "https://bugzilla.suse.com/1201394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Enterprise Storage 6:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-devel-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-libs-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-4.12.4_26-150100.3.75.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:xen-tools-domU-4.12.4_26-150100.3.75.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:13:54Z",
"details": "important"
}
],
"title": "CVE-2022-33745"
}
]
}
SUSE-SU-2022:2601-1
Vulnerability from csaf_suse - Published: 2022-07-29 14:14 - Updated: 2022-07-29 14:14Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Patchnames: SUSE-2022-2601,SUSE-SLE-Product-HPC-15-2022-2601,SUSE-SLE-Product-SLES_SAP-15-2022-2601
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
50 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).\n- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).\n- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).\n- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).\n- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2601,SUSE-SLE-Product-HPC-15-2022-2601,SUSE-SLE-Product-SLES_SAP-15-2022-2601",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2601-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2601-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222601-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2601-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011717.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199965",
"url": "https://bugzilla.suse.com/1199965"
},
{
"category": "self",
"summary": "SUSE Bug 1199966",
"url": "https://bugzilla.suse.com/1199966"
},
{
"category": "self",
"summary": "SUSE Bug 1200549",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "self",
"summary": "SUSE Bug 1201394",
"url": "https://bugzilla.suse.com/1201394"
},
{
"category": "self",
"summary": "SUSE Bug 1201469",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21125 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21166 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23816 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26362 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26363 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26364 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-33745 page",
"url": "https://www.suse.com/security/cve/CVE-2022-33745/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2022-07-29T14:14:13Z",
"generator": {
"date": "2022-07-29T14:14:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2601-1",
"initial_release_date": "2022-07-29T14:14:13Z",
"revision_history": [
{
"date": "2022-07-29T14:14:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_36-150000.3.77.1.aarch64",
"product": {
"name": "xen-4.10.4_36-150000.3.77.1.aarch64",
"product_id": "xen-4.10.4_36-150000.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_36-150000.3.77.1.aarch64",
"product": {
"name": "xen-devel-4.10.4_36-150000.3.77.1.aarch64",
"product_id": "xen-devel-4.10.4_36-150000.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_36-150000.3.77.1.aarch64",
"product": {
"name": "xen-doc-html-4.10.4_36-150000.3.77.1.aarch64",
"product_id": "xen-doc-html-4.10.4_36-150000.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_36-150000.3.77.1.aarch64",
"product": {
"name": "xen-libs-4.10.4_36-150000.3.77.1.aarch64",
"product_id": "xen-libs-4.10.4_36-150000.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_36-150000.3.77.1.aarch64",
"product": {
"name": "xen-tools-4.10.4_36-150000.3.77.1.aarch64",
"product_id": "xen-tools-4.10.4_36-150000.3.77.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.aarch64",
"product": {
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.aarch64",
"product_id": "xen-tools-domU-4.10.4_36-150000.3.77.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.10.4_36-150000.3.77.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.10.4_36-150000.3.77.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.10.4_36-150000.3.77.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.10.4_36-150000.3.77.1.i586",
"product": {
"name": "xen-devel-4.10.4_36-150000.3.77.1.i586",
"product_id": "xen-devel-4.10.4_36-150000.3.77.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_36-150000.3.77.1.i586",
"product": {
"name": "xen-libs-4.10.4_36-150000.3.77.1.i586",
"product_id": "xen-libs-4.10.4_36-150000.3.77.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.i586",
"product": {
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.i586",
"product_id": "xen-tools-domU-4.10.4_36-150000.3.77.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_36-150000.3.77.1.x86_64",
"product": {
"name": "xen-4.10.4_36-150000.3.77.1.x86_64",
"product_id": "xen-4.10.4_36-150000.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"product": {
"name": "xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"product_id": "xen-devel-4.10.4_36-150000.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_36-150000.3.77.1.x86_64",
"product": {
"name": "xen-doc-html-4.10.4_36-150000.3.77.1.x86_64",
"product_id": "xen-doc-html-4.10.4_36-150000.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"product": {
"name": "xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"product_id": "xen-libs-4.10.4_36-150000.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.10.4_36-150000.3.77.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.10.4_36-150000.3.77.1.x86_64",
"product_id": "xen-libs-32bit-4.10.4_36-150000.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"product": {
"name": "xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"product_id": "xen-tools-4.10.4_36-150000.3.77.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"product": {
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"product_id": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21123"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21123",
"url": "https://www.suse.com/security/cve/CVE-2022-21123"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209075 for CVE-2022-21123",
"url": "https://bugzilla.suse.com/1209075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-21123"
},
{
"cve": "CVE-2022-21125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21125"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21125",
"url": "https://www.suse.com/security/cve/CVE-2022-21125"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209074 for CVE-2022-21125",
"url": "https://bugzilla.suse.com/1209074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-21125"
},
{
"cve": "CVE-2022-21166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21166"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21166",
"url": "https://www.suse.com/security/cve/CVE-2022-21166"
},
{
"category": "external",
"summary": "SUSE Bug 1199650 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1199650"
},
{
"category": "external",
"summary": "SUSE Bug 1200549 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1200549"
},
{
"category": "external",
"summary": "SUSE Bug 1209073 for CVE-2022-21166",
"url": "https://bugzilla.suse.com/1209073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-21166"
},
{
"cve": "CVE-2022-23816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23816"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23816",
"url": "https://www.suse.com/security/cve/CVE-2022-23816"
},
{
"category": "external",
"summary": "SUSE Bug 1201456 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201456"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23816",
"url": "https://bugzilla.suse.com/1201469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-23825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23825"
}
],
"notes": [
{
"category": "general",
"text": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23825",
"url": "https://www.suse.com/security/cve/CVE-2022-23825"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1205209 for CVE-2022-23825",
"url": "https://bugzilla.suse.com/1205209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2022-26362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26362"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26362",
"url": "https://www.suse.com/security/cve/CVE-2022-26362"
},
{
"category": "external",
"summary": "SUSE Bug 1199965 for CVE-2022-26362",
"url": "https://bugzilla.suse.com/1199965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-26362"
},
{
"cve": "CVE-2022-26363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26363"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26363",
"url": "https://www.suse.com/security/cve/CVE-2022-26363"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26363",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-26363"
},
{
"cve": "CVE-2022-26364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26364"
}
],
"notes": [
{
"category": "general",
"text": "x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen\u0027s safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen\u0027s safety logic doesn\u0027t account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen\u0027s safety logic can incorrectly conclude that the contents of a page is safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26364",
"url": "https://www.suse.com/security/cve/CVE-2022-26364"
},
{
"category": "external",
"summary": "SUSE Bug 1199966 for CVE-2022-26364",
"url": "https://bugzilla.suse.com/1199966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-26364"
},
{
"cve": "CVE-2022-29900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29900"
}
],
"notes": [
{
"category": "general",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29900",
"url": "https://www.suse.com/security/cve/CVE-2022-29900"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-33745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-33745"
}
],
"notes": [
{
"category": "general",
"text": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-33745",
"url": "https://www.suse.com/security/cve/CVE-2022-33745"
},
{
"category": "external",
"summary": "SUSE Bug 1201394 for CVE-2022-33745",
"url": "https://bugzilla.suse.com/1201394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-devel-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-libs-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-4.10.4_36-150000.3.77.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:xen-tools-domU-4.10.4_36-150000.3.77.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-29T14:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-33745"
}
]
}
WID-SEC-W-2022-0659
Vulnerability from csaf_certbund - Published: 2022-07-12 22:00 - Updated: 2023-03-29 22:00Summary
VMware ESXi: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Virtualisierungssoftware von VMware ermöglicht die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System.
VMware Cloud Foundation ist eine Hybrid Cloud-Plattform für VM-Management und Container-Orchestrierung.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in VMware ESXi und VMware Cloud Foundation ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten können. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware Cloud Foundation 4.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:4.x
|
— | |
|
IBM QRadar SIEM < 7.4.3 FP9
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4.3_fp9
|
— | |
|
VMware ESXi 7.0
VMware / ESXi
|
cpe:/o:vmware:esxi:7.0
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
VMware Cloud Foundation 3.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:3.x
|
— | |
|
VMware ESXi 6.5
VMware / ESXi
|
cpe:/o:vmware:esxi:6.5
|
— | |
|
VMware ESXi 6.7
VMware / ESXi
|
cpe:/o:vmware:esxi:6.7
|
— | |
|
IBM QRadar SIEM < 7.5.0 UP4 IF01
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0_up4_if01
|
— |
In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten können. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware Cloud Foundation 4.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:4.x
|
— | |
|
IBM QRadar SIEM < 7.4.3 FP9
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4.3_fp9
|
— | |
|
VMware ESXi 7.0
VMware / ESXi
|
cpe:/o:vmware:esxi:7.0
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
VMware Cloud Foundation 3.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:3.x
|
— | |
|
VMware ESXi 6.5
VMware / ESXi
|
cpe:/o:vmware:esxi:6.5
|
— | |
|
VMware ESXi 6.7
VMware / ESXi
|
cpe:/o:vmware:esxi:6.7
|
— | |
|
IBM QRadar SIEM < 7.5.0 UP4 IF01
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0_up4_if01
|
— |
In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten können. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware Cloud Foundation 4.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:4.x
|
— | |
|
IBM QRadar SIEM < 7.4.3 FP9
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4.3_fp9
|
— | |
|
VMware ESXi 7.0
VMware / ESXi
|
cpe:/o:vmware:esxi:7.0
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
VMware Cloud Foundation 3.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:3.x
|
— | |
|
VMware ESXi 6.5
VMware / ESXi
|
cpe:/o:vmware:esxi:6.5
|
— | |
|
VMware ESXi 6.7
VMware / ESXi
|
cpe:/o:vmware:esxi:6.7
|
— | |
|
IBM QRadar SIEM < 7.5.0 UP4 IF01
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0_up4_if01
|
— |
In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten können. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware Cloud Foundation 4.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:4.x
|
— | |
|
IBM QRadar SIEM < 7.4.3 FP9
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4.3_fp9
|
— | |
|
VMware ESXi 7.0
VMware / ESXi
|
cpe:/o:vmware:esxi:7.0
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
VMware Cloud Foundation 3.x
VMware / Cloud Foundation
|
cpe:/a:vmware:cloud_foundation:3.x
|
— | |
|
VMware ESXi 6.5
VMware / ESXi
|
cpe:/o:vmware:esxi:6.5
|
— | |
|
VMware ESXi 6.7
VMware / ESXi
|
cpe:/o:vmware:esxi:6.7
|
— | |
|
IBM QRadar SIEM < 7.5.0 UP4 IF01
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0_up4_if01
|
— |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Virtualisierungssoftware von VMware erm\u00f6glicht die simultane Ausf\u00fchrung von verschiedenen Betriebssystemen auf einem Host-System.\r\nVMware Cloud Foundation ist eine Hybrid Cloud-Plattform f\u00fcr VM-Management und Container-Orchestrierung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in VMware ESXi und VMware Cloud Foundation ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0659 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0659.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0659 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0659"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6967016 vom 2023-03-29",
"url": "https://www.ibm.com/support/pages/node/6967016"
},
{
"category": "external",
"summary": "VMWare Security Advisory VMSA-2022-0020 vom 2022-07-12",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0020.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8973 vom 2022-12-13",
"url": "https://access.redhat.com/errata/RHSA-2022:8973"
},
{
"category": "external",
"summary": "Red Hat Bug-Tracker 2090226 vom 2022-12-13",
"url": "https://access.redhat.com/errata/RHSA-2022:8974"
}
],
"source_lang": "en-US",
"title": "VMware ESXi: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
"tracking": {
"current_release_date": "2023-03-29T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:31:34.587+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0659",
"initial_release_date": "2022-07-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-07-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-07-24T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-7BC84AE2CC"
},
{
"date": "2022-12-13T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM \u003c 7.4.3 FP9",
"product": {
"name": "IBM QRadar SIEM \u003c 7.4.3 FP9",
"product_id": "T026829",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4.3_fp9"
}
}
},
{
"category": "product_name",
"name": "IBM QRadar SIEM \u003c 7.5.0 UP4 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c 7.5.0 UP4 IF01",
"product_id": "T026982",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up4_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "VMware Cloud Foundation 4.x",
"product": {
"name": "VMware Cloud Foundation 4.x",
"product_id": "T017893",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:cloud_foundation:4.x"
}
}
},
{
"category": "product_name",
"name": "VMware Cloud Foundation 3.x",
"product": {
"name": "VMware Cloud Foundation 3.x",
"product_id": "T018738",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:cloud_foundation:3.x"
}
}
}
],
"category": "product_name",
"name": "Cloud Foundation"
},
{
"branches": [
{
"category": "product_name",
"name": "VMware ESXi 6.5",
"product": {
"name": "VMware ESXi 6.5",
"product_id": "T010749",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:6.5"
}
}
},
{
"category": "product_name",
"name": "VMware ESXi 6.7",
"product": {
"name": "VMware ESXi 6.7",
"product_id": "T012450",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:6.7"
}
}
},
{
"category": "product_name",
"name": "VMware ESXi 7.0",
"product": {
"name": "VMware ESXi 7.0",
"product_id": "T016618",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:7.0"
}
}
}
],
"category": "product_name",
"name": "ESXi"
}
],
"category": "vendor",
"name": "VMware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23816",
"notes": [
{
"category": "description",
"text": "In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten k\u00f6nnen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T017893",
"T026829",
"T016618",
"67646",
"T018738",
"T010749",
"T012450",
"T026982"
]
},
"release_date": "2022-07-12T22:00:00.000+00:00",
"title": "CVE-2022-23816"
},
{
"cve": "CVE-2022-23825",
"notes": [
{
"category": "description",
"text": "In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten k\u00f6nnen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T017893",
"T026829",
"T016618",
"67646",
"T018738",
"T010749",
"T012450",
"T026982"
]
},
"release_date": "2022-07-12T22:00:00.000+00:00",
"title": "CVE-2022-23825"
},
{
"cve": "CVE-2022-28693",
"notes": [
{
"category": "description",
"text": "In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten k\u00f6nnen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T017893",
"T026829",
"T016618",
"67646",
"T018738",
"T010749",
"T012450",
"T026982"
]
},
"release_date": "2022-07-12T22:00:00.000+00:00",
"title": "CVE-2022-28693"
},
{
"cve": "CVE-2022-29901",
"notes": [
{
"category": "description",
"text": "In VMware ESXi und VMware Cloud Foundation existieren mehrere Schwachstellen. Es handelt sich um Return-to-Stack-Underflows sowie Branch-Type-Confusion-Fehler, welche bei der Nutzung von AMD und Intel Prozessoren auftreten k\u00f6nnen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T017893",
"T026829",
"T016618",
"67646",
"T018738",
"T010749",
"T012450",
"T026982"
]
},
"release_date": "2022-07-12T22:00:00.000+00:00",
"title": "CVE-2022-29901"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…