Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-2193 (GCVE-0-2024-2193)
Vulnerability from cvelistv5 – Published: 2024-03-15 18:03 – Updated: 2025-04-30 23:03
VLAI
EPSS
Title
Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
Summary
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
13 references
Impacted products
Credits
Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T15:31:03.336472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:10:13.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-30T23:03:28.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/488902"
},
{
"tags": [
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-453.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"tags": [
"x_transferred"
],
"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/488902"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-453.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPU",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "See advisory AMD-SB-7016"
}
]
},
{
"product": "Xen",
"vendor": "Xen",
"versions": [
{
"status": "affected",
"version": "consult Xen advisory XSA-453"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:10:43.337Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/488902"
},
{
"url": "https://xenbits.xen.org/xsa/advisory-453.html"
},
{
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"url": "https://download.vusec.net/papers/ghostrace_sec24.pdf"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/488902"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/12/14"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.",
"x_generator": {
"engine": "VINCE 2.1.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2193"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-2193",
"datePublished": "2024-03-15T18:03:32.844Z",
"dateReserved": "2024-03-05T15:11:04.573Z",
"dateUpdated": "2025-04-30T23:03:28.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-2193",
"date": "2026-06-14",
"epss": "0.01089",
"percentile": "0.78415"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.\"}, {\"lang\": \"es\", \"value\": \"Se ha revelado una vulnerabilidad de condici\\u00f3n de ejecuci\\u00f3n especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecuci\\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\\u00f3n para acceder a las rutas de c\\u00f3digo ejecutable especulativas.\"}]",
"id": "CVE-2024-2193",
"lastModified": "2024-11-21T09:09:13.693",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 5.2}]}",
"published": "2024-03-15T18:15:08.530",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/12/14\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://download.vusec.net/papers/ghostrace_sec24.pdf\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://kb.cert.org/vuls/id/488902\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/488902\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://www.vusec.net/projects/ghostrace/\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-453.html\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/12/14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://download.vusec.net/papers/ghostrace_sec24.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.cert.org/vuls/id/488902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/488902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.vusec.net/projects/ghostrace/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-453.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-2193\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2024-03-15T18:15:08.530\",\"lastModified\":\"2025-04-30T23:16:01.667\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.\"},{\"lang\":\"es\",\"value\":\"Se ha revelado una vulnerabilidad de Speculative Race Condition (SRC) que afecta a modern CPU architectures que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/12/14\",\"source\":\"cret@cert.org\"},{\"url\":\"https://download.vusec.net/papers/ghostrace_sec24.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\",\"source\":\"cret@cert.org\"},{\"url\":\"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\",\"source\":\"cret@cert.org\"},{\"url\":\"https://kb.cert.org/vuls/id/488902\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/488902\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.vusec.net/projects/ghostrace/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-453.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/12/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-453.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://download.vusec.net/papers/ghostrace_sec24.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.cert.org/vuls/id/488902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/488902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vusec.net/projects/ghostrace/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-453.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://kb.cert.org/vuls/id/488902\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-453.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vusec.net/projects/ghostrace/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://download.vusec.net/papers/ghostrace_sec24.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/488902\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/12/14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-453.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-04-30T23:03:28.475Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2193\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-18T15:31:03.336472Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-18T15:31:09.421Z\"}}], \"cna\": {\"title\": \"Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability.\"}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"CPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"See advisory AMD-SB-7016\"}]}, {\"vendor\": \"Xen\", \"product\": \"Xen\", \"versions\": [{\"status\": \"affected\", \"version\": \"consult Xen advisory XSA-453\"}]}], \"references\": [{\"url\": \"https://kb.cert.org/vuls/id/488902\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-453.html\"}, {\"url\": \"https://www.vusec.net/projects/ghostrace/\"}, {\"url\": \"https://download.vusec.net/papers/ghostrace_sec24.pdf\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\"}, {\"url\": \"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\"}, {\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/488902\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/12/14\"}], \"x_generator\": {\"env\": \"prod\", \"engine\": \"VINCE 2.1.11\", \"origin\": \"https://cveawg.mitre.org/api/cve/CVE-2024-2193\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"shortName\": \"certcc\", \"dateUpdated\": \"2024-05-01T17:10:43.337Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-2193\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-30T23:03:28.475Z\", \"dateReserved\": \"2024-03-05T15:11:04.573Z\", \"assignerOrgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"datePublished\": \"2024-03-15T18:03:32.844Z\", \"assignerShortName\": \"certcc\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2024:1101-1
Vulnerability from csaf_suse - Published: 2024-04-03 12:09 - Updated: 2024-04-03 12:09Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
Patchnames: SUSE-2024-1101,SUSE-SLE-Micro-5.3-2024-1101,SUSE-SLE-Micro-5.4-2024-1101,openSUSE-Leap-Micro-5.3-2024-1101,openSUSE-Leap-Micro-5.4-2024-1101
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1101,SUSE-SLE-Micro-5.3-2024-1101,SUSE-SLE-Micro-5.4-2024-1101,openSUSE-Leap-Micro-5.3-2024-1101,openSUSE-Leap-Micro-5.4-2024-1101",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1101-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1101-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241101-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1101-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034894.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221332",
"url": "https://bugzilla.suse.com/1221332"
},
{
"category": "self",
"summary": "SUSE Bug 1221334",
"url": "https://bugzilla.suse.com/1221334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2193 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2193/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2024-04-03T12:09:45Z",
"generator": {
"date": "2024-04-03T12:09:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1101-1",
"initial_release_date": "2024-04-03T12:09:45Z",
"revision_history": [
{
"date": "2024-04-03T12:09:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.5_14-150400.4.52.1.aarch64",
"product": {
"name": "xen-4.16.5_14-150400.4.52.1.aarch64",
"product_id": "xen-4.16.5_14-150400.4.52.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.5_14-150400.4.52.1.aarch64",
"product": {
"name": "xen-devel-4.16.5_14-150400.4.52.1.aarch64",
"product_id": "xen-devel-4.16.5_14-150400.4.52.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.5_14-150400.4.52.1.aarch64",
"product": {
"name": "xen-doc-html-4.16.5_14-150400.4.52.1.aarch64",
"product_id": "xen-doc-html-4.16.5_14-150400.4.52.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.5_14-150400.4.52.1.aarch64",
"product": {
"name": "xen-libs-4.16.5_14-150400.4.52.1.aarch64",
"product_id": "xen-libs-4.16.5_14-150400.4.52.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.5_14-150400.4.52.1.aarch64",
"product": {
"name": "xen-tools-4.16.5_14-150400.4.52.1.aarch64",
"product_id": "xen-tools-4.16.5_14-150400.4.52.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.5_14-150400.4.52.1.aarch64",
"product": {
"name": "xen-tools-domU-4.16.5_14-150400.4.52.1.aarch64",
"product_id": "xen-tools-domU-4.16.5_14-150400.4.52.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.16.5_14-150400.4.52.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.16.5_14-150400.4.52.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.16.5_14-150400.4.52.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.16.5_14-150400.4.52.1.i586",
"product": {
"name": "xen-devel-4.16.5_14-150400.4.52.1.i586",
"product_id": "xen-devel-4.16.5_14-150400.4.52.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.5_14-150400.4.52.1.i586",
"product": {
"name": "xen-libs-4.16.5_14-150400.4.52.1.i586",
"product_id": "xen-libs-4.16.5_14-150400.4.52.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.5_14-150400.4.52.1.i586",
"product": {
"name": "xen-tools-domU-4.16.5_14-150400.4.52.1.i586",
"product_id": "xen-tools-domU-4.16.5_14-150400.4.52.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.16.5_14-150400.4.52.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.16.5_14-150400.4.52.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.16.5_14-150400.4.52.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.16.5_14-150400.4.52.1.x86_64",
"product": {
"name": "xen-4.16.5_14-150400.4.52.1.x86_64",
"product_id": "xen-4.16.5_14-150400.4.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.16.5_14-150400.4.52.1.x86_64",
"product": {
"name": "xen-devel-4.16.5_14-150400.4.52.1.x86_64",
"product_id": "xen-devel-4.16.5_14-150400.4.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.16.5_14-150400.4.52.1.x86_64",
"product": {
"name": "xen-doc-html-4.16.5_14-150400.4.52.1.x86_64",
"product_id": "xen-doc-html-4.16.5_14-150400.4.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"product": {
"name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"product_id": "xen-libs-4.16.5_14-150400.4.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.16.5_14-150400.4.52.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.16.5_14-150400.4.52.1.x86_64",
"product_id": "xen-libs-32bit-4.16.5_14-150400.4.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.16.5_14-150400.4.52.1.x86_64",
"product": {
"name": "xen-tools-4.16.5_14-150400.4.52.1.x86_64",
"product_id": "xen-tools-4.16.5_14-150400.4.52.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.16.5_14-150400.4.52.1.x86_64",
"product": {
"name": "xen-tools-domU-4.16.5_14-150400.4.52.1.x86_64",
"product_id": "xen-tools-domU-4.16.5_14-150400.4.52.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
},
"product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
},
"product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
},
"product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
},
"product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28746"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28746",
"url": "https://www.suse.com/security/cve/CVE-2023-28746"
},
{
"category": "external",
"summary": "SUSE Bug 1213456 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1213456"
},
{
"category": "external",
"summary": "SUSE Bug 1221323 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1221323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-03T12:09:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2024-2193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2193"
}
],
"notes": [
{
"category": "general",
"text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2193",
"url": "https://www.suse.com/security/cve/CVE-2024-2193"
},
{
"category": "external",
"summary": "SUSE Bug 1217857 for CVE-2024-2193",
"url": "https://bugzilla.suse.com/1217857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64",
"openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-03T12:09:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-2193"
}
]
}
SUSE-SU-2024:1102-1
Vulnerability from csaf_suse - Published: 2024-04-03 12:10 - Updated: 2024-04-03 12:10Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
- CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885)
Patchnames: SUSE-2024-1102,SUSE-SLE-Micro-5.5-2024-1102,SUSE-SLE-Module-Basesystem-15-SP5-2024-1102,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1102,openSUSE-SLE-15.5-2024-1102
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n- CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1102,SUSE-SLE-Micro-5.5-2024-1102,SUSE-SLE-Module-Basesystem-15-SP5-2024-1102,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1102,openSUSE-SLE-15.5-2024-1102",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1102-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1102-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241102-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1102-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034893.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1219885",
"url": "https://bugzilla.suse.com/1219885"
},
{
"category": "self",
"summary": "SUSE Bug 1221332",
"url": "https://bugzilla.suse.com/1221332"
},
{
"category": "self",
"summary": "SUSE Bug 1221334",
"url": "https://bugzilla.suse.com/1221334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46841 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2193 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2193/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2024-04-03T12:10:18Z",
"generator": {
"date": "2024-04-03T12:10:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1102-1",
"initial_release_date": "2024-04-03T12:10:18Z",
"revision_history": [
{
"date": "2024-04-03T12:10:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.17.3_08-150500.3.27.1.aarch64",
"product": {
"name": "xen-4.17.3_08-150500.3.27.1.aarch64",
"product_id": "xen-4.17.3_08-150500.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"product": {
"name": "xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"product_id": "xen-devel-4.17.3_08-150500.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"product": {
"name": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"product_id": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"product": {
"name": "xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"product_id": "xen-libs-4.17.3_08-150500.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"product": {
"name": "xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"product_id": "xen-tools-4.17.3_08-150500.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"product": {
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"product_id": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.17.3_08-150500.3.27.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.17.3_08-150500.3.27.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.17.3_08-150500.3.27.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.17.3_08-150500.3.27.1.i586",
"product": {
"name": "xen-devel-4.17.3_08-150500.3.27.1.i586",
"product_id": "xen-devel-4.17.3_08-150500.3.27.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.17.3_08-150500.3.27.1.i586",
"product": {
"name": "xen-libs-4.17.3_08-150500.3.27.1.i586",
"product_id": "xen-libs-4.17.3_08-150500.3.27.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.i586",
"product": {
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.i586",
"product_id": "xen-tools-domU-4.17.3_08-150500.3.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.17.3_08-150500.3.27.1.x86_64",
"product": {
"name": "xen-4.17.3_08-150500.3.27.1.x86_64",
"product_id": "xen-4.17.3_08-150500.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"product": {
"name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"product_id": "xen-devel-4.17.3_08-150500.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"product": {
"name": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"product_id": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"product": {
"name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"product_id": "xen-libs-4.17.3_08-150500.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"product_id": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"product": {
"name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"product_id": "xen-tools-4.17.3_08-150500.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"product": {
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"product_id": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64"
},
"product_reference": "xen-4.17.3_08-150500.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64"
},
"product_reference": "xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64"
},
"product_reference": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64"
},
"product_reference": "xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64"
},
"product_reference": "xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64"
},
"product_reference": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64"
},
"product_reference": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28746"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28746",
"url": "https://www.suse.com/security/cve/CVE-2023-28746"
},
{
"category": "external",
"summary": "SUSE Bug 1213456 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1213456"
},
{
"category": "external",
"summary": "SUSE Bug 1221323 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1221323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-03T12:10:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2023-46841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46841"
}
],
"notes": [
{
"category": "general",
"text": "Recent x86 CPUs offer functionality named Control-flow Enforcement\nTechnology (CET). A sub-feature of this are Shadow Stacks (CET-SS).\nCET-SS is a hardware feature designed to protect against Return Oriented\nProgramming attacks. When enabled, traditional stacks holding both data\nand return addresses are accompanied by so called \"shadow stacks\",\nholding little more than return addresses. Shadow stacks aren\u0027t\nwritable by normal instructions, and upon function returns their\ncontents are used to check for possible manipulation of a return address\ncoming from the traditional stack.\n\nIn particular certain memory accesses need intercepting by Xen. In\nvarious cases the necessary emulation involves kind of replaying of\nthe instruction. Such replaying typically involves filling and then\ninvoking of a stub. Such a replayed instruction may raise an\nexceptions, which is expected and dealt with accordingly.\n\nUnfortunately the interaction of both of the above wasn\u0027t right:\nRecovery involves removal of a call frame from the (traditional) stack.\nThe counterpart of this operation for the shadow stack was missing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46841",
"url": "https://www.suse.com/security/cve/CVE-2023-46841"
},
{
"category": "external",
"summary": "SUSE Bug 1219885 for CVE-2023-46841",
"url": "https://bugzilla.suse.com/1219885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-03T12:10:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-46841"
},
{
"cve": "CVE-2024-2193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2193"
}
],
"notes": [
{
"category": "general",
"text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2193",
"url": "https://www.suse.com/security/cve/CVE-2024-2193"
},
{
"category": "external",
"summary": "SUSE Bug 1217857 for CVE-2024-2193",
"url": "https://bugzilla.suse.com/1217857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64",
"openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64",
"openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-03T12:10:18Z",
"details": "moderate"
}
],
"title": "CVE-2024-2193"
}
]
}
SUSE-SU-2024:1105-1
Vulnerability from csaf_suse - Published: 2024-04-03 13:32 - Updated: 2024-04-03 13:32Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-28746: Register file data sampling. (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
Patchnames: SUSE-2024-1105,SUSE-SLE-SDK-12-SP5-2024-1105,SUSE-SLE-SERVER-12-SP5-2024-1105
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register file data sampling. (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1105,SUSE-SLE-SDK-12-SP5-2024-1105,SUSE-SLE-SERVER-12-SP5-2024-1105",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1105-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1105-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241105-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1105-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034840.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1220141",
"url": "https://bugzilla.suse.com/1220141"
},
{
"category": "self",
"summary": "SUSE Bug 1221332",
"url": "https://bugzilla.suse.com/1221332"
},
{
"category": "self",
"summary": "SUSE Bug 1221334",
"url": "https://bugzilla.suse.com/1221334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2193 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2193/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2024-04-03T13:32:35Z",
"generator": {
"date": "2024-04-03T13:32:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1105-1",
"initial_release_date": "2024-04-03T13:32:35Z",
"revision_history": [
{
"date": "2024-04-03T13:32:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_46-3.106.1.aarch64",
"product": {
"name": "xen-4.12.4_46-3.106.1.aarch64",
"product_id": "xen-4.12.4_46-3.106.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_46-3.106.1.aarch64",
"product": {
"name": "xen-devel-4.12.4_46-3.106.1.aarch64",
"product_id": "xen-devel-4.12.4_46-3.106.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_46-3.106.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.4_46-3.106.1.aarch64",
"product_id": "xen-doc-html-4.12.4_46-3.106.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_46-3.106.1.aarch64",
"product": {
"name": "xen-libs-4.12.4_46-3.106.1.aarch64",
"product_id": "xen-libs-4.12.4_46-3.106.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_46-3.106.1.aarch64",
"product": {
"name": "xen-tools-4.12.4_46-3.106.1.aarch64",
"product_id": "xen-tools-4.12.4_46-3.106.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_46-3.106.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.4_46-3.106.1.aarch64",
"product_id": "xen-tools-domU-4.12.4_46-3.106.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.4_46-3.106.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.4_46-3.106.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.4_46-3.106.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_46-3.106.1.i586",
"product": {
"name": "xen-devel-4.12.4_46-3.106.1.i586",
"product_id": "xen-devel-4.12.4_46-3.106.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_46-3.106.1.i586",
"product": {
"name": "xen-libs-4.12.4_46-3.106.1.i586",
"product_id": "xen-libs-4.12.4_46-3.106.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_46-3.106.1.i586",
"product": {
"name": "xen-tools-domU-4.12.4_46-3.106.1.i586",
"product_id": "xen-tools-domU-4.12.4_46-3.106.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_46-3.106.1.x86_64",
"product": {
"name": "xen-4.12.4_46-3.106.1.x86_64",
"product_id": "xen-4.12.4_46-3.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_46-3.106.1.x86_64",
"product": {
"name": "xen-devel-4.12.4_46-3.106.1.x86_64",
"product_id": "xen-devel-4.12.4_46-3.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_46-3.106.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_46-3.106.1.x86_64",
"product_id": "xen-doc-html-4.12.4_46-3.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_46-3.106.1.x86_64",
"product": {
"name": "xen-libs-4.12.4_46-3.106.1.x86_64",
"product_id": "xen-libs-4.12.4_46-3.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"product_id": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_46-3.106.1.x86_64",
"product": {
"name": "xen-tools-4.12.4_46-3.106.1.x86_64",
"product_id": "xen-tools-4.12.4_46-3.106.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"product_id": "xen-tools-domU-4.12.4_46-3.106.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_46-3.106.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64"
},
"product_reference": "xen-devel-4.12.4_46-3.106.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28746"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28746",
"url": "https://www.suse.com/security/cve/CVE-2023-28746"
},
{
"category": "external",
"summary": "SUSE Bug 1213456 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1213456"
},
{
"category": "external",
"summary": "SUSE Bug 1221323 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1221323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-03T13:32:35Z",
"details": "moderate"
}
],
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2024-2193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2193"
}
],
"notes": [
{
"category": "general",
"text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2193",
"url": "https://www.suse.com/security/cve/CVE-2024-2193"
},
{
"category": "external",
"summary": "SUSE Bug 1217857 for CVE-2024-2193",
"url": "https://bugzilla.suse.com/1217857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-03T13:32:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-2193"
}
]
}
SUSE-SU-2024:1152-1
Vulnerability from csaf_suse - Published: 2024-04-08 09:36 - Updated: 2024-04-08 09:36Summary
Security update for xen
Severity
Moderate
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
Patchnames: SUSE-2024-1152,SUSE-SUSE-MicroOS-5.1-2024-1152,SUSE-SUSE-MicroOS-5.2-2024-1152
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1152,SUSE-SUSE-MicroOS-5.1-2024-1152,SUSE-SUSE-MicroOS-5.2-2024-1152",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1152-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1152-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241152-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1152-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034870.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221332",
"url": "https://bugzilla.suse.com/1221332"
},
{
"category": "self",
"summary": "SUSE Bug 1221334",
"url": "https://bugzilla.suse.com/1221334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2193 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2193/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2024-04-08T09:36:51Z",
"generator": {
"date": "2024-04-08T09:36:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1152-1",
"initial_release_date": "2024-04-08T09:36:51Z",
"revision_history": [
{
"date": "2024-04-08T09:36:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.6_12-150300.3.69.1.aarch64",
"product": {
"name": "xen-4.14.6_12-150300.3.69.1.aarch64",
"product_id": "xen-4.14.6_12-150300.3.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.6_12-150300.3.69.1.aarch64",
"product": {
"name": "xen-devel-4.14.6_12-150300.3.69.1.aarch64",
"product_id": "xen-devel-4.14.6_12-150300.3.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.6_12-150300.3.69.1.aarch64",
"product": {
"name": "xen-doc-html-4.14.6_12-150300.3.69.1.aarch64",
"product_id": "xen-doc-html-4.14.6_12-150300.3.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.6_12-150300.3.69.1.aarch64",
"product": {
"name": "xen-libs-4.14.6_12-150300.3.69.1.aarch64",
"product_id": "xen-libs-4.14.6_12-150300.3.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.6_12-150300.3.69.1.aarch64",
"product": {
"name": "xen-tools-4.14.6_12-150300.3.69.1.aarch64",
"product_id": "xen-tools-4.14.6_12-150300.3.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.6_12-150300.3.69.1.aarch64",
"product": {
"name": "xen-tools-domU-4.14.6_12-150300.3.69.1.aarch64",
"product_id": "xen-tools-domU-4.14.6_12-150300.3.69.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.14.6_12-150300.3.69.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.14.6_12-150300.3.69.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.14.6_12-150300.3.69.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.14.6_12-150300.3.69.1.i586",
"product": {
"name": "xen-devel-4.14.6_12-150300.3.69.1.i586",
"product_id": "xen-devel-4.14.6_12-150300.3.69.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.6_12-150300.3.69.1.i586",
"product": {
"name": "xen-libs-4.14.6_12-150300.3.69.1.i586",
"product_id": "xen-libs-4.14.6_12-150300.3.69.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.6_12-150300.3.69.1.i586",
"product": {
"name": "xen-tools-domU-4.14.6_12-150300.3.69.1.i586",
"product_id": "xen-tools-domU-4.14.6_12-150300.3.69.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.14.6_12-150300.3.69.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.14.6_12-150300.3.69.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.14.6_12-150300.3.69.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.14.6_12-150300.3.69.1.x86_64",
"product": {
"name": "xen-4.14.6_12-150300.3.69.1.x86_64",
"product_id": "xen-4.14.6_12-150300.3.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.14.6_12-150300.3.69.1.x86_64",
"product": {
"name": "xen-devel-4.14.6_12-150300.3.69.1.x86_64",
"product_id": "xen-devel-4.14.6_12-150300.3.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.14.6_12-150300.3.69.1.x86_64",
"product": {
"name": "xen-doc-html-4.14.6_12-150300.3.69.1.x86_64",
"product_id": "xen-doc-html-4.14.6_12-150300.3.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"product": {
"name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"product_id": "xen-libs-4.14.6_12-150300.3.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.14.6_12-150300.3.69.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.14.6_12-150300.3.69.1.x86_64",
"product_id": "xen-libs-32bit-4.14.6_12-150300.3.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.14.6_12-150300.3.69.1.x86_64",
"product": {
"name": "xen-tools-4.14.6_12-150300.3.69.1.x86_64",
"product_id": "xen-tools-4.14.6_12-150300.3.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.14.6_12-150300.3.69.1.x86_64",
"product": {
"name": "xen-tools-domU-4.14.6_12-150300.3.69.1.x86_64",
"product_id": "xen-tools-domU-4.14.6_12-150300.3.69.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
},
"product_reference": "xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28746"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28746",
"url": "https://www.suse.com/security/cve/CVE-2023-28746"
},
{
"category": "external",
"summary": "SUSE Bug 1213456 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1213456"
},
{
"category": "external",
"summary": "SUSE Bug 1221323 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1221323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-08T09:36:51Z",
"details": "moderate"
}
],
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2024-2193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2193"
}
],
"notes": [
{
"category": "general",
"text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2193",
"url": "https://www.suse.com/security/cve/CVE-2024-2193"
},
{
"category": "external",
"summary": "SUSE Bug 1217857 for CVE-2024-2193",
"url": "https://bugzilla.suse.com/1217857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-08T09:36:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-2193"
}
]
}
SUSE-SU-2024:2535-1
Vulnerability from csaf_suse - Published: 2024-07-16 12:12 - Updated: 2024-07-16 12:12Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (XSA-452, bsc#1221332)
- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (XSA-453, bsc#1221334)
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
Patchnames: SUSE-2024-2535,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2535
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (XSA-452, bsc#1221332)\n- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (XSA-453, bsc#1221334)\n- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)\n- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)\n- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2535,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2535",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2535-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2535-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242535-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2535-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018986.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214083",
"url": "https://bugzilla.suse.com/1214083"
},
{
"category": "self",
"summary": "SUSE Bug 1221332",
"url": "https://bugzilla.suse.com/1221332"
},
{
"category": "self",
"summary": "SUSE Bug 1221334",
"url": "https://bugzilla.suse.com/1221334"
},
{
"category": "self",
"summary": "SUSE Bug 1221984",
"url": "https://bugzilla.suse.com/1221984"
},
{
"category": "self",
"summary": "SUSE Bug 1222302",
"url": "https://bugzilla.suse.com/1222302"
},
{
"category": "self",
"summary": "SUSE Bug 1222453",
"url": "https://bugzilla.suse.com/1222453"
},
{
"category": "self",
"summary": "SUSE Bug 1227355",
"url": "https://bugzilla.suse.com/1227355"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46842 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2193 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2201 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-31142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-31142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-31143 page",
"url": "https://www.suse.com/security/cve/CVE-2024-31143/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2024-07-16T12:12:51Z",
"generator": {
"date": "2024-07-16T12:12:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2535-1",
"initial_release_date": "2024-07-16T12:12:51Z",
"revision_history": [
{
"date": "2024-07-16T12:12:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.5_12-150200.3.93.1.aarch64",
"product": {
"name": "xen-4.13.5_12-150200.3.93.1.aarch64",
"product_id": "xen-4.13.5_12-150200.3.93.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.5_12-150200.3.93.1.aarch64",
"product": {
"name": "xen-devel-4.13.5_12-150200.3.93.1.aarch64",
"product_id": "xen-devel-4.13.5_12-150200.3.93.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.5_12-150200.3.93.1.aarch64",
"product": {
"name": "xen-doc-html-4.13.5_12-150200.3.93.1.aarch64",
"product_id": "xen-doc-html-4.13.5_12-150200.3.93.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_12-150200.3.93.1.aarch64",
"product": {
"name": "xen-libs-4.13.5_12-150200.3.93.1.aarch64",
"product_id": "xen-libs-4.13.5_12-150200.3.93.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.5_12-150200.3.93.1.aarch64",
"product": {
"name": "xen-tools-4.13.5_12-150200.3.93.1.aarch64",
"product_id": "xen-tools-4.13.5_12-150200.3.93.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.aarch64",
"product": {
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.aarch64",
"product_id": "xen-tools-domU-4.13.5_12-150200.3.93.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.13.5_12-150200.3.93.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.13.5_12-150200.3.93.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.13.5_12-150200.3.93.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.13.5_12-150200.3.93.1.i586",
"product": {
"name": "xen-devel-4.13.5_12-150200.3.93.1.i586",
"product_id": "xen-devel-4.13.5_12-150200.3.93.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_12-150200.3.93.1.i586",
"product": {
"name": "xen-libs-4.13.5_12-150200.3.93.1.i586",
"product_id": "xen-libs-4.13.5_12-150200.3.93.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.i586",
"product": {
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.i586",
"product_id": "xen-tools-domU-4.13.5_12-150200.3.93.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.5_12-150200.3.93.1.x86_64",
"product": {
"name": "xen-4.13.5_12-150200.3.93.1.x86_64",
"product_id": "xen-4.13.5_12-150200.3.93.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"product": {
"name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"product_id": "xen-devel-4.13.5_12-150200.3.93.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.5_12-150200.3.93.1.x86_64",
"product": {
"name": "xen-doc-html-4.13.5_12-150200.3.93.1.x86_64",
"product_id": "xen-doc-html-4.13.5_12-150200.3.93.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"product": {
"name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"product_id": "xen-libs-4.13.5_12-150200.3.93.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.13.5_12-150200.3.93.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.13.5_12-150200.3.93.1.x86_64",
"product_id": "xen-libs-32bit-4.13.5_12-150200.3.93.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"product": {
"name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"product_id": "xen-tools-4.13.5_12-150200.3.93.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"product": {
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"product_id": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28746"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28746",
"url": "https://www.suse.com/security/cve/CVE-2023-28746"
},
{
"category": "external",
"summary": "SUSE Bug 1213456 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1213456"
},
{
"category": "external",
"summary": "SUSE Bug 1221323 for CVE-2023-28746",
"url": "https://bugzilla.suse.com/1221323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-16T12:12:51Z",
"details": "moderate"
}
],
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2023-46842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46842"
}
],
"notes": [
{
"category": "general",
"text": "Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and\nother modes. This in particular means that they may set registers used\nto pass 32-bit-mode hypercall arguments to values outside of the range\n32-bit code would be able to set them to.\n\nWhen processing of hypercalls takes a considerable amount of time,\nthe hypervisor may choose to invoke a hypercall continuation. Doing so\ninvolves putting (perhaps updated) hypercall arguments in respective\nregisters. For guests not running in 64-bit mode this further involves\na certain amount of translation of the values.\n\nUnfortunately internal sanity checking of these translated values\nassumes high halves of registers to always be clear when invoking a\nhypercall. When this is found not to be the case, it triggers a\nconsistency check in the hypervisor and causes a crash.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46842",
"url": "https://www.suse.com/security/cve/CVE-2023-46842"
},
{
"category": "external",
"summary": "SUSE Bug 1221984 for CVE-2023-46842",
"url": "https://bugzilla.suse.com/1221984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-16T12:12:51Z",
"details": "moderate"
}
],
"title": "CVE-2023-46842"
},
{
"cve": "CVE-2024-2193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2193"
}
],
"notes": [
{
"category": "general",
"text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2193",
"url": "https://www.suse.com/security/cve/CVE-2024-2193"
},
{
"category": "external",
"summary": "SUSE Bug 1217857 for CVE-2024-2193",
"url": "https://bugzilla.suse.com/1217857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-16T12:12:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-2193"
},
{
"cve": "CVE-2024-2201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2201"
}
],
"notes": [
{
"category": "general",
"text": "A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2201",
"url": "https://www.suse.com/security/cve/CVE-2024-2201"
},
{
"category": "external",
"summary": "SUSE Bug 1212111 for CVE-2024-2201",
"url": "https://bugzilla.suse.com/1212111"
},
{
"category": "external",
"summary": "SUSE Bug 1217339 for CVE-2024-2201",
"url": "https://bugzilla.suse.com/1217339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-16T12:12:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-2201"
},
{
"cve": "CVE-2024-31142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-31142"
}
],
"notes": [
{
"category": "general",
"text": "Because of a logical error in XSA-407 (Branch Type Confusion), the\nmitigation is not applied properly when it is intended to be used.\nXSA-434 (Speculative Return Stack Overflow) uses the same\ninfrastructure, so is equally impacted.\n\nFor more details, see:\n https://xenbits.xen.org/xsa/advisory-407.html\n https://xenbits.xen.org/xsa/advisory-434.html\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-31142",
"url": "https://www.suse.com/security/cve/CVE-2024-31142"
},
{
"category": "external",
"summary": "SUSE Bug 1222302 for CVE-2024-31142",
"url": "https://bugzilla.suse.com/1222302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-16T12:12:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-31142"
},
{
"cve": "CVE-2024-31143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-31143"
}
],
"notes": [
{
"category": "general",
"text": "An optional feature of PCI MSI called \"Multiple Message\" allows a\ndevice to use multiple consecutive interrupt vectors. Unlike for MSI-X,\nthe setting up of these consecutive vectors needs to happen all in one\ngo. In this handling an error path could be taken in different\nsituations, with or without a particular lock held. This error path\nwrongly releases the lock even when it is not currently held.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-31143",
"url": "https://www.suse.com/security/cve/CVE-2024-31143"
},
{
"category": "external",
"summary": "SUSE Bug 1227355 for CVE-2024-31143",
"url": "https://bugzilla.suse.com/1227355"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-16T12:12:51Z",
"details": "important"
}
],
"title": "CVE-2024-31143"
}
]
}
WID-SEC-W-2024-0601
Vulnerability from csaf_certbund - Published: 2024-03-12 23:00 - Updated: 2024-12-26 23:00Summary
Prozessoren mehrer Hersteller: Schwachstelle ermöglicht Offenlegung von Informationen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Prozessoren sind die zentralen Rechenwerke eines Computers.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle in Prozessoren mehrerer Hersteller ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme: - BIOS/Firmware
- Linux
Es besteht eine Schwachstelle in Prozessoren verschiedener Hersteller. Diese Schwachstelle besteht in der Art und Weise wie moderne Prozessoren die Codeausführung optimieren und dafür sorgen, dass verschiedene Threads in der richtigen Reihenfolge ausgeführt werden. Durch Manipulation der spekulativen Ausführung eines Prozessors können Angreifer Threads dazu bringen, nicht mehr synchron zu laufen und somit Race-Conditions erzeugen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMD Prozessor
AMD
|
cpe:/h:amd:amd_processor:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source Xen <4.17
Open Source / Xen
|
<4.17 | ||
|
Open Source Xen <4.18
Open Source / Xen
|
<4.18 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source Xen <4.15
Open Source / Xen
|
<4.15 | ||
|
Open Source Xen <4.16
Open Source / Xen
|
<4.16 |
References
21 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Prozessoren mehrerer Hersteller ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0601 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0601.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0601 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0601"
},
{
"category": "external",
"summary": "Xen Security Advisory vom 2024-03-12",
"url": "https://seclists.org/oss-sec/2024/q1/220"
},
{
"category": "external",
"summary": "VUSec Advisory vom 2024-03-12",
"url": "https://www.vusec.net/projects/ghostrace/"
},
{
"category": "external",
"summary": "AMD Security Bulletin",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html"
},
{
"category": "external",
"summary": "PoC auf GitHub",
"url": "https://github.com/vusec/ghostrace"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-876E653A1C vom 2024-03-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-876e653a1c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-29F57F1B4E vom 2024-03-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-29f57f1b4e"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-9E9F53D01D vom 2024-03-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9e9f53d01d"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-3A36322C4B vom 2024-03-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3a36322c4b"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-053 vom 2024-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-053.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-062 vom 2024-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-062.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1105-1 vom 2024-04-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018252.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1102-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018294.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1152-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018271.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1101-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018295.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K000139682 vom 2024-05-20",
"url": "https://my.f5.com/manage/s/article/K000139682"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2525 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2525.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2535-1 vom 2024-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018986.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-10 vom 2024-09-22",
"url": "https://security.gentoo.org/glsa/202409-10"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5836 vom 2024-12-26",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00252.html"
}
],
"source_lang": "en-US",
"title": "Prozessoren mehrer Hersteller: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2024-12-26T23:00:00.000+00:00",
"generator": {
"date": "2024-12-27T09:02:25.818+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0601",
"initial_release_date": "2024-03-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-13T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-03-21T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-01T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-04-03T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-08T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-22T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-12-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AMD Prozessor",
"product": {
"name": "AMD Prozessor",
"product_id": "T033378",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:-"
}
}
}
],
"category": "vendor",
"name": "AMD"
},
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Intel Prozessor",
"product": {
"name": "Intel Prozessor",
"product_id": "T011586",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:-"
}
}
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.15",
"product": {
"name": "Open Source Xen \u003c4.15",
"product_id": "T033374"
}
},
{
"category": "product_version",
"name": "4.15",
"product": {
"name": "Open Source Xen 4.15",
"product_id": "T033374-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:4.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.16",
"product": {
"name": "Open Source Xen \u003c4.16",
"product_id": "T033375"
}
},
{
"category": "product_version",
"name": "4.16",
"product": {
"name": "Open Source Xen 4.16",
"product_id": "T033375-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:4.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.17",
"product": {
"name": "Open Source Xen \u003c4.17",
"product_id": "T033376"
}
},
{
"category": "product_version",
"name": "4.17",
"product": {
"name": "Open Source Xen 4.17",
"product_id": "T033376-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:4.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.18",
"product": {
"name": "Open Source Xen \u003c4.18",
"product_id": "T033377"
}
},
{
"category": "product_version",
"name": "4.18",
"product": {
"name": "Open Source Xen 4.18",
"product_id": "T033377-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:xen:xen:4.18"
}
}
}
],
"category": "product_name",
"name": "Xen"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2193",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Prozessoren verschiedener Hersteller. Diese Schwachstelle besteht in der Art und Weise wie moderne Prozessoren die Codeausf\u00fchrung optimieren und daf\u00fcr sorgen, dass verschiedene Threads in der richtigen Reihenfolge ausgef\u00fchrt werden. Durch Manipulation der spekulativen Ausf\u00fchrung eines Prozessors k\u00f6nnen Angreifer Threads dazu bringen, nicht mehr synchron zu laufen und somit Race-Conditions erzeugen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T033378",
"2951",
"T002207",
"T001663",
"T011586",
"398363",
"T012167",
"T033376",
"T033377",
"74185",
"T033374",
"T033375"
]
},
"release_date": "2024-03-12T23:00:00.000+00:00",
"title": "CVE-2024-2193"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…