SUSE-SU-2022:3928-1 -- SLES xenID: oval:org.secpod.oval:def:89047861 | Date: (C)2022-11-11 (M)2024-05-22 |
Class: PATCH | Family: unix |
This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing . - CVE-2022-33748: Fixed DoS due to race in locking . - CVE-2021-28689: Fixed speculative vulnerabilities with bare 32-bit PV guests . - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitray number of nodes via transactions - CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings . - CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data leaks . - xen: Frontends vulnerable to backends .
Platform: |
SUSE Linux Enterprise Server 15 SP1 |