SUSE-SU-2024:1295-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 15 Apr 2024, 16:37
Last modified: 04 Feb 2026, 02:40
Vulnerability Summary
- Overall Risk (default): minimal, 0/100
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 15 Apr 2024, 16:37: Published (vulnerability first disclosed)
- 04 Feb 2026, 02:40: Last Modified (vulnerability information updated)
Description
Security update for xen

This update for xen fixes the following issues:

- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)

Other fixes:

- Update to Xen 4.17.4 (bsc#1027519)
Affected Systems
- opensuse•xen&distro=openSUSE Leap 15.5: < 4.17.4_02-150500.3.30.1
- suse•xen&distro=SUSE Linux Enterprise Micro 5.5: < 4.17.4_02-150500.3.30.1
- suse•xen&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5: < 4.17.4_02-150500.3.30.1
- suse•xen&distro=SUSE Linux Enterprise Module for Server Applications 15 SP5: < 4.17.4_02-150500.3.30.1
References (8)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241295-1/
- https://bugzilla.suse.com/1027519
- https://bugzilla.suse.com/1221984
- https://bugzilla.suse.com/1222302
- https://bugzilla.suse.com/1222453
- https://www.suse.com/security/cve/CVE-2023-46842
- https://www.suse.com/security/cve/CVE-2024-2201
- https://www.suse.com/security/cve/CVE-2024-31142