SUSE-SU-2023:2535-1
Vulnerability Summary
Description
Security update for xen

This update for xen fixes the following issues:

Security fixes:
- CVE-2022-42336: Fixed an issue where a guest's configuration of AMD Speculative Store Bypass Disable would have no effect (XSA-431) (bsc#1211433).
- CVE-2022-42335: Fixed an issue where guests running under shadow mode with a PCI device passed through could force the hypervisor to dereference arbitrary memory, leading to a denial of service (XSA-430) (bsc#1210315).

Non-security fixes:
- Fixed a build warning false positive (bsc#1210570).
- Added missing debug-info to xen-syms (bsc#1209237).
- Updated to version 4.17.1 (bsc#1027519).
- Fixed a failure during VM destruction when using host-assisted kexec and kdump (bsc#1209245).
- Other upstream fixes (bsc#1027519).
Affected Systems
- xen on openSUSE Leap 15.5 (vendor: opensuse): < 4.17.1_04-150500.3.3.1
- xen on SUSE Linux Enterprise Module for Basesystem 15 SP5 (vendor: suse): < 4.17.1_04-150500.3.3.1
- xen on SUSE Linux Enterprise Module for Server Applications 15 SP5 (vendor: suse): < 4.17.1_04-150500.3.3.1
References (10)
- https://www.suse.com/support/update/announcement/2023/suse-su-20232535-1/
- https://bugzilla.suse.com/1027519
- https://bugzilla.suse.com/1208736
- https://bugzilla.suse.com/1209237
- https://bugzilla.suse.com/1209245
- https://bugzilla.suse.com/1210315
- https://bugzilla.suse.com/1210570
- https://bugzilla.suse.com/1211433
- https://www.suse.com/security/cve/CVE-2022-42335
- https://www.suse.com/security/cve/CVE-2022-42336