SUSE-SU-2024:1259-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 12 Apr 2024, 13:03
Last modified:04 Feb 2026, 04:14
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Apr 2024, 13:03
Published
Vulnerability first disclosed
04 Feb 2026, 04:14
Last Modified
Vulnerability information updated
Description
Security update for xen This update for xen fixes the following issues: - CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302) - CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453) Other fixes: - Update to Xen 4.16.6 (bsc#1027519)
Affected Systems
- opensuse•xen&distro=openSUSE Leap Micro 5.3
< 4.16.6_02-150400.4.55.1
- opensuse•xen&distro=openSUSE Leap Micro 5.4
< 4.16.6_02-150400.4.55.1
- suse•xen&distro=SUSE Linux Enterprise Micro 5.3
< 4.16.6_02-150400.4.55.1
- suse•xen&distro=SUSE Linux Enterprise Micro 5.4
< 4.16.6_02-150400.4.55.1
References (8)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241259-1/
- https://bugzilla.suse.com/1027519
- https://bugzilla.suse.com/1221984
- https://bugzilla.suse.com/1222302
- https://bugzilla.suse.com/1222453
- https://www.suse.com/security/cve/CVE-2023-46842
- https://www.suse.com/security/cve/CVE-2024-2201
- https://www.suse.com/security/cve/CVE-2024-31142