Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Micro 5.2 package xen, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (83)
CVE-2025-58142 — CVSS 9.8 (critical): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
CVE-2025-27466 — CVSS 9.8 (critical): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
CVE-2025-58143 — CVSS 9.8 (critical): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
CVE-2022-42309 — CVSS 8.8 (high): Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during…
CVE-2022-33745 — CVSS 8.8 (high): insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV…
CVE-2025-58150 — CVSS 8.8 (high): Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with…
CVE-2022-42333 — CVSS 8.6 (high): x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42332 — CVSS 7.8 (high): x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted…
CVE-2022-26358 — CVSS 7.8 (high): IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2023-34325 — CVSS 7.8 (high): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage…
CVE-2023-34322 — CVSS 7.8 (high): For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself…
CVE-2023-34326 — CVSS 7.8 (high): The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as…
CVE-2022-26359 — CVSS 7.8 (high): IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-26360 — CVSS 7.8 (high): IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-26361 — CVSS 7.8 (high): IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2025-1713 — CVSS 7.5 (high): When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required…
CVE-2024-31142 — CVSS 7.5 (high): Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used…
CVE-2025-58149 — CVSS 7.5 (high): When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have…
CVE-2024-31146 — CVSS 7.5 (high): When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective…
CVE-2024-31145 — CVSS 7.5 (high): Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for…
CVE-2024-31143 — CVSS 7.5 (high): An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X…
CVE-2024-45817 — CVSS 7.3 (high): In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore…
CVE-2022-26365 — CVSS 7.1 (high): Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
CVE-2022-33740 — CVSS 7.1 (high): Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
CVE-2022-33741 — CVSS 7.1 (high): Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
CVE-2022-33742 — CVSS 7.1 (high): Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities…
CVE-2022-26357 — CVSS 7.0 (high): race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain…
CVE-2022-42320 — CVSS 7.0 (high): Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone…
CVE-2022-26364 — CVSS 6.7 (medium): x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-26363 — CVSS 6.7 (medium): x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42314 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-23825 — CVSS 6.5 (medium): Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information…
CVE-2022-29900 — CVSS 6.5 (medium): Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-depend…
CVE-2022-33746 — CVSS 6.5 (medium): P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size…
CVE-2022-40982 — CVSS 6.5 (medium): Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R)…
CVE-2022-42311 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42312 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42313 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42315 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42316 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42317 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42318 — CVSS 6.5 (medium): Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42319 — CVSS 6.5 (medium): Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate…
CVE-2022-42321 — CVSS 6.5 (medium): Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting…
CVE-2022-42334 — CVSS 6.5 (medium): x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2023-28746 — CVSS 6.5 (medium): Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R)…
CVE-2023-46841 — CVSS 6.5 (medium): Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS)…
CVE-2023-46842 — CVSS 6.5 (medium): Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers…
CVE-2024-45818 — CVSS 6.5 (medium): The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking…
CVE-2022-26362 — CVSS 6.4 (medium): x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count…
CVE-2024-2193 — CVSS 5.7 (medium): A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre…
CVE-2024-28956 — CVSS 5.6 (medium): Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow…
CVE-2022-33748 — CVSS 5.6 (medium): lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path…
CVE-2024-36350 — CVSS 5.6 (medium): A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting…
CVE-2022-26356 — CVSS 5.6 (medium): Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram…
CVE-2024-36357 — CVSS 5.6 (medium): A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in…
CVE-2023-34328 — CVSS 5.5 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs…
CVE-2023-46835 — CVSS 5.5 (medium): The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of…
CVE-2022-21125 — CVSS 5.5 (medium): Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable…
CVE-2022-21123 — CVSS 5.5 (medium): Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable…
CVE-2021-28689 — CVSS 5.5 (medium): x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was…
CVE-2022-42310 — CVSS 5.5 (medium): Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious…
CVE-2023-20588 — CVSS 5.5 (medium): A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2022-21166 — CVSS 5.5 (medium): Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to…
CVE-2022-42325 — CVSS 5.5 (medium): Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text…
CVE-2023-34323 — CVSS 5.5 (medium): When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be…
CVE-2022-42323 — CVSS 5.5 (medium): Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…
CVE-2022-42322 — CVSS 5.5 (medium): Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains…
CVE-2023-34327 — CVSS 5.5 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs…
CVE-2024-45819 — CVSS 5.5 (medium): PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are…
CVE-2024-53241 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of…
CVE-2022-23824 — CVSS 5.5 (medium): IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information…
CVE-2022-42331 — CVSS 5.5 (medium): x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one…
CVE-2022-42326 — CVSS 5.5 (medium): Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text…
CVE-2023-20593 — CVSS 5.5 (medium): An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive…
CVE-2023-46839 — CVSS 5.3 (medium): PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the…
CVE-2023-46836 — CVSS 4.7 (medium): The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the…
CVE-2024-2201 — CVSS 4.7 (medium): A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak…
CVE-2023-20569 — CVSS 4.7 (medium): A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in…
CVE-2025-27465 — CVSS 4.3 (medium): Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an…
CVE-2022-33747 — CVSS 3.8 (low): Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M…
CVE-2026-23553 — CVSS 2.9 (low): In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run…
CVE-2022-23816: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.