xen (SUSE:Linux Enterprise Module for Server Applications 15 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Server Applications 15 SP5 package xen, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (28)
CVE-2023-34325 — CVSS 7.8 (high): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage…
CVE-2022-42335 — CVSS 7.8 (high): x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted…
CVE-2023-34326 — CVSS 7.8 (high): The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as…
CVE-2023-34322 — CVSS 7.8 (high): For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself…
CVE-2024-31146 — CVSS 7.5 (high): When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective…
CVE-2024-31145 — CVSS 7.5 (high): Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for…
CVE-2024-31143 — CVSS 7.5 (high): An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X…
CVE-2024-31142 — CVSS 7.5 (high): Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used…
CVE-2024-45817 — CVSS 7.3 (high): In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore…
CVE-2023-46842 — CVSS 6.5 (medium): Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers…
CVE-2024-45818 — CVSS 6.5 (medium): The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking…
CVE-2022-40982 — CVSS 6.5 (medium): Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R)…
CVE-2023-28746 — CVSS 6.5 (medium): Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R)…
CVE-2023-46841 — CVSS 6.5 (medium): Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS)…
CVE-2024-2193 — CVSS 5.7 (medium): A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre…
CVE-2024-45819 — CVSS 5.5 (medium): PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are…
CVE-2023-20588 — CVSS 5.5 (medium): A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2023-20593 — CVSS 5.5 (medium): An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive…
CVE-2023-34323 — CVSS 5.5 (medium): When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be…
CVE-2023-34327 — CVSS 5.5 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs…
CVE-2023-34328 — CVSS 5.5 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs…
CVE-2023-46835 — CVSS 5.5 (medium): The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of…
CVE-2023-46839 — CVSS 5.3 (medium): PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the…
CVE-2024-2201 — CVSS 4.7 (medium): A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak…
CVE-2023-46836 — CVSS 4.7 (medium): The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the…
CVE-2023-20569 — CVSS 4.7 (medium): A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in…
CVE-2023-46840 — CVSS 4.1 (medium): Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM…
CVE-2022-42336 — CVSS 3.3 (low): Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors…