Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-2193 (GCVE-0-2024-2193)
Vulnerability from cvelistv5
Published
2024-03-15 18:03
Modified
2025-04-30 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2193", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T15:31:03.336472Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T16:10:13.603Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-04-30T23:03:28.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.cert.org/vuls/id/488902" }, { "tags": [ "x_transferred" ], "url": "https://xenbits.xen.org/xsa/advisory-453.html" }, { "tags": [ "x_transferred" ], "url": "https://www.vusec.net/projects/ghostrace/" }, { "tags": [ "x_transferred" ], "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "tags": [ "x_transferred" ], "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "tags": [ "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/488902" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/12/14" }, { "url": "http://xenbits.xen.org/xsa/advisory-453.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CPU", "vendor": "AMD", "versions": [ { "status": "affected", "version": "See advisory AMD-SB-7016" } ] }, { "product": "Xen", "vendor": "Xen", "versions": [ { "status": "affected", "version": "consult Xen advisory XSA-453" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T17:10:43.337Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "url": "https://kb.cert.org/vuls/id/488902" }, { "url": "https://xenbits.xen.org/xsa/advisory-453.html" }, { "url": "https://www.vusec.net/projects/ghostrace/" }, { "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "url": "https://www.kb.cert.org/vuls/id/488902" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/12/14" } ], "source": { "discovery": "EXTERNAL" }, "title": "Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.", "x_generator": { "engine": "VINCE 2.1.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2193" } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2024-2193", "datePublished": "2024-03-15T18:03:32.844Z", "dateReserved": "2024-03-05T15:11:04.573Z", "dateUpdated": "2025-04-30T23:03:28.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-2193\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2024-03-15T18:15:08.530\",\"lastModified\":\"2025-04-30T23:16:01.667\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.\"},{\"lang\":\"es\",\"value\":\"Se ha revelado una vulnerabilidad de Speculative Race Condition (SRC) que afecta a modern CPU architectures que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/12/14\",\"source\":\"cret@cert.org\"},{\"url\":\"https://download.vusec.net/papers/ghostrace_sec24.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\",\"source\":\"cret@cert.org\"},{\"url\":\"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\",\"source\":\"cret@cert.org\"},{\"url\":\"https://kb.cert.org/vuls/id/488902\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/488902\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.vusec.net/projects/ghostrace/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-453.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/12/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-453.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://download.vusec.net/papers/ghostrace_sec24.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.cert.org/vuls/id/488902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/488902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vusec.net/projects/ghostrace/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-453.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://kb.cert.org/vuls/id/488902\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-453.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vusec.net/projects/ghostrace/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://download.vusec.net/papers/ghostrace_sec24.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/488902\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/12/14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-453.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-04-30T23:03:28.475Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2193\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-18T15:31:03.336472Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-18T15:31:09.421Z\"}}], \"cna\": {\"title\": \"Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability.\"}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"CPU\", \"versions\": [{\"status\": \"affected\", \"version\": \"See advisory AMD-SB-7016\"}]}, {\"vendor\": \"Xen\", \"product\": \"Xen\", \"versions\": [{\"status\": \"affected\", \"version\": \"consult Xen advisory XSA-453\"}]}], \"references\": [{\"url\": \"https://kb.cert.org/vuls/id/488902\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-453.html\"}, {\"url\": \"https://www.vusec.net/projects/ghostrace/\"}, {\"url\": \"https://download.vusec.net/papers/ghostrace_sec24.pdf\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23\"}, {\"url\": \"https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace\"}, {\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/488902\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/12/14\"}], \"x_generator\": {\"env\": \"prod\", \"engine\": \"VINCE 2.1.11\", \"origin\": \"https://cveawg.mitre.org/api/cve/CVE-2024-2193\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"shortName\": \"certcc\", \"dateUpdated\": \"2024-05-01T17:10:43.337Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2024-2193\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-30T23:03:28.475Z\", \"dateReserved\": \"2024-03-05T15:11:04.573Z\", \"assignerOrgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"datePublished\": \"2024-03-15T18:03:32.844Z\", \"assignerShortName\": \"certcc\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
opensuse-su-2024:13801-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
xen-4.18.1_02-1.1 on GA media
Notes
Title of the patch
xen-4.18.1_02-1.1 on GA media
Description of the patch
These are all security issues fixed in the xen-4.18.1_02-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13801
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "xen-4.18.1_02-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the xen-4.18.1_02-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-13801", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13801-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28746 page", "url": "https://www.suse.com/security/cve/CVE-2023-28746/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-2193 page", "url": "https://www.suse.com/security/cve/CVE-2024-2193/" } ], "title": "xen-4.18.1_02-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:13801-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.18.1_02-1.1.aarch64", "product": { "name": "xen-4.18.1_02-1.1.aarch64", "product_id": "xen-4.18.1_02-1.1.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.18.1_02-1.1.aarch64", "product": { "name": "xen-devel-4.18.1_02-1.1.aarch64", "product_id": "xen-devel-4.18.1_02-1.1.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.18.1_02-1.1.aarch64", "product": { "name": "xen-doc-html-4.18.1_02-1.1.aarch64", "product_id": "xen-doc-html-4.18.1_02-1.1.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.18.1_02-1.1.aarch64", "product": { "name": "xen-libs-4.18.1_02-1.1.aarch64", "product_id": "xen-libs-4.18.1_02-1.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.18.1_02-1.1.aarch64", "product": { "name": "xen-tools-4.18.1_02-1.1.aarch64", "product_id": "xen-tools-4.18.1_02-1.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.18.1_02-1.1.aarch64", "product": { "name": "xen-tools-domU-4.18.1_02-1.1.aarch64", "product_id": "xen-tools-domU-4.18.1_02-1.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "product": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "product_id": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-4.18.1_02-1.1.ppc64le", "product": { "name": "xen-4.18.1_02-1.1.ppc64le", "product_id": "xen-4.18.1_02-1.1.ppc64le" } }, { "category": "product_version", "name": "xen-devel-4.18.1_02-1.1.ppc64le", "product": { "name": "xen-devel-4.18.1_02-1.1.ppc64le", "product_id": "xen-devel-4.18.1_02-1.1.ppc64le" } }, { "category": "product_version", "name": "xen-doc-html-4.18.1_02-1.1.ppc64le", "product": { "name": "xen-doc-html-4.18.1_02-1.1.ppc64le", "product_id": "xen-doc-html-4.18.1_02-1.1.ppc64le" } }, { "category": "product_version", "name": "xen-libs-4.18.1_02-1.1.ppc64le", "product": { "name": "xen-libs-4.18.1_02-1.1.ppc64le", "product_id": "xen-libs-4.18.1_02-1.1.ppc64le" } }, { "category": "product_version", "name": "xen-tools-4.18.1_02-1.1.ppc64le", "product": { "name": "xen-tools-4.18.1_02-1.1.ppc64le", "product_id": "xen-tools-4.18.1_02-1.1.ppc64le" } }, { "category": "product_version", "name": "xen-tools-domU-4.18.1_02-1.1.ppc64le", "product": { "name": "xen-tools-domU-4.18.1_02-1.1.ppc64le", "product_id": "xen-tools-domU-4.18.1_02-1.1.ppc64le" } }, { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "product": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "product_id": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "xen-4.18.1_02-1.1.s390x", "product": { "name": "xen-4.18.1_02-1.1.s390x", "product_id": "xen-4.18.1_02-1.1.s390x" } }, { "category": "product_version", "name": "xen-devel-4.18.1_02-1.1.s390x", "product": { "name": "xen-devel-4.18.1_02-1.1.s390x", "product_id": "xen-devel-4.18.1_02-1.1.s390x" } }, { "category": "product_version", "name": "xen-doc-html-4.18.1_02-1.1.s390x", "product": { "name": "xen-doc-html-4.18.1_02-1.1.s390x", "product_id": "xen-doc-html-4.18.1_02-1.1.s390x" } }, { "category": "product_version", "name": "xen-libs-4.18.1_02-1.1.s390x", "product": { "name": "xen-libs-4.18.1_02-1.1.s390x", "product_id": "xen-libs-4.18.1_02-1.1.s390x" } }, { "category": "product_version", "name": "xen-tools-4.18.1_02-1.1.s390x", "product": { "name": "xen-tools-4.18.1_02-1.1.s390x", "product_id": "xen-tools-4.18.1_02-1.1.s390x" } }, { "category": "product_version", "name": "xen-tools-domU-4.18.1_02-1.1.s390x", "product": { "name": "xen-tools-domU-4.18.1_02-1.1.s390x", "product_id": "xen-tools-domU-4.18.1_02-1.1.s390x" } }, { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "product": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "product_id": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "xen-4.18.1_02-1.1.x86_64", "product": { "name": "xen-4.18.1_02-1.1.x86_64", "product_id": "xen-4.18.1_02-1.1.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.18.1_02-1.1.x86_64", "product": { "name": "xen-devel-4.18.1_02-1.1.x86_64", "product_id": "xen-devel-4.18.1_02-1.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.18.1_02-1.1.x86_64", "product": { "name": "xen-doc-html-4.18.1_02-1.1.x86_64", "product_id": "xen-doc-html-4.18.1_02-1.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.18.1_02-1.1.x86_64", "product": { "name": "xen-libs-4.18.1_02-1.1.x86_64", "product_id": "xen-libs-4.18.1_02-1.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.18.1_02-1.1.x86_64", "product": { "name": "xen-tools-4.18.1_02-1.1.x86_64", "product_id": "xen-tools-4.18.1_02-1.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.18.1_02-1.1.x86_64", "product": { "name": "xen-tools-domU-4.18.1_02-1.1.x86_64", "product_id": "xen-tools-domU-4.18.1_02-1.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64", "product": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64", "product_id": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-4.18.1_02-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-4.18.1_02-1.1.aarch64" }, "product_reference": "xen-4.18.1_02-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.18.1_02-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-4.18.1_02-1.1.ppc64le" }, "product_reference": "xen-4.18.1_02-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.18.1_02-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-4.18.1_02-1.1.s390x" }, "product_reference": "xen-4.18.1_02-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.18.1_02-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-4.18.1_02-1.1.x86_64" }, "product_reference": "xen-4.18.1_02-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.18.1_02-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.aarch64" }, "product_reference": "xen-devel-4.18.1_02-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.18.1_02-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.ppc64le" }, "product_reference": "xen-devel-4.18.1_02-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.18.1_02-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.s390x" }, "product_reference": "xen-devel-4.18.1_02-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.18.1_02-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.x86_64" }, "product_reference": "xen-devel-4.18.1_02-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.18.1_02-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.aarch64" }, "product_reference": "xen-doc-html-4.18.1_02-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.18.1_02-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.ppc64le" }, "product_reference": "xen-doc-html-4.18.1_02-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.18.1_02-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.s390x" }, "product_reference": "xen-doc-html-4.18.1_02-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.18.1_02-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.x86_64" }, "product_reference": "xen-doc-html-4.18.1_02-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.18.1_02-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.aarch64" }, "product_reference": "xen-libs-4.18.1_02-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.18.1_02-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.ppc64le" }, "product_reference": "xen-libs-4.18.1_02-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.18.1_02-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.s390x" }, "product_reference": "xen-libs-4.18.1_02-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.18.1_02-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.x86_64" }, "product_reference": "xen-libs-4.18.1_02-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.18.1_02-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.aarch64" }, "product_reference": "xen-tools-4.18.1_02-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.18.1_02-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.ppc64le" }, "product_reference": "xen-tools-4.18.1_02-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.18.1_02-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.s390x" }, "product_reference": "xen-tools-4.18.1_02-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.18.1_02-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.x86_64" }, "product_reference": "xen-tools-4.18.1_02-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.18.1_02-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.aarch64" }, "product_reference": "xen-tools-domU-4.18.1_02-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.18.1_02-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.ppc64le" }, "product_reference": "xen-tools-domU-4.18.1_02-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.18.1_02-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.s390x" }, "product_reference": "xen-tools-domU-4.18.1_02-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.18.1_02-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.x86_64" }, "product_reference": "xen-tools-domU-4.18.1_02-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64" }, "product_reference": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le" }, "product_reference": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x" }, "product_reference": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" }, "product_reference": "xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28746", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28746" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:xen-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28746", "url": "https://www.suse.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "SUSE Bug 1213456 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1213456" }, { "category": "external", "summary": "SUSE Bug 1221323 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1221323" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:xen-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:xen-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2023-28746" }, { "cve": "CVE-2024-2193", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-2193" } ], "notes": [ { "category": "general", "text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:xen-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-2193", "url": "https://www.suse.com/security/cve/CVE-2024-2193" }, { "category": "external", "summary": "SUSE Bug 1217857 for CVE-2024-2193", "url": "https://bugzilla.suse.com/1217857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:xen-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:xen-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-devel-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-doc-html-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-libs-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-domU-4.18.1_02-1.1.x86_64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.aarch64", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.ppc64le", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.s390x", "openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.18.1_02-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2024-2193" } ] }
suse-su-2024:1152-1
Vulnerability from csaf_suse
Published
2024-04-08 09:36
Modified
2024-04-08 09:36
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
Patchnames
SUSE-2024-1152,SUSE-SUSE-MicroOS-5.1-2024-1152,SUSE-SUSE-MicroOS-5.2-2024-1152
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-1152,SUSE-SUSE-MicroOS-5.1-2024-1152,SUSE-SUSE-MicroOS-5.2-2024-1152", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1152-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:1152-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241152-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:1152-1", "url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034870.html" }, { "category": "self", "summary": "SUSE Bug 1221332", "url": "https://bugzilla.suse.com/1221332" }, { "category": "self", "summary": "SUSE Bug 1221334", "url": "https://bugzilla.suse.com/1221334" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28746 page", "url": "https://www.suse.com/security/cve/CVE-2023-28746/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-2193 page", "url": "https://www.suse.com/security/cve/CVE-2024-2193/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2024-04-08T09:36:51Z", "generator": { "date": "2024-04-08T09:36:51Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:1152-1", "initial_release_date": "2024-04-08T09:36:51Z", "revision_history": [ { "date": "2024-04-08T09:36:51Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.14.6_12-150300.3.69.1.aarch64", "product": { "name": "xen-4.14.6_12-150300.3.69.1.aarch64", "product_id": "xen-4.14.6_12-150300.3.69.1.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.14.6_12-150300.3.69.1.aarch64", "product": { "name": "xen-devel-4.14.6_12-150300.3.69.1.aarch64", "product_id": "xen-devel-4.14.6_12-150300.3.69.1.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.14.6_12-150300.3.69.1.aarch64", "product": { "name": "xen-doc-html-4.14.6_12-150300.3.69.1.aarch64", "product_id": "xen-doc-html-4.14.6_12-150300.3.69.1.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.14.6_12-150300.3.69.1.aarch64", "product": { "name": "xen-libs-4.14.6_12-150300.3.69.1.aarch64", "product_id": "xen-libs-4.14.6_12-150300.3.69.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.14.6_12-150300.3.69.1.aarch64", "product": { "name": "xen-tools-4.14.6_12-150300.3.69.1.aarch64", "product_id": "xen-tools-4.14.6_12-150300.3.69.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.14.6_12-150300.3.69.1.aarch64", "product": { "name": "xen-tools-domU-4.14.6_12-150300.3.69.1.aarch64", "product_id": "xen-tools-domU-4.14.6_12-150300.3.69.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.14.6_12-150300.3.69.1.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.14.6_12-150300.3.69.1.aarch64_ilp32", "product_id": "xen-libs-64bit-4.14.6_12-150300.3.69.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.14.6_12-150300.3.69.1.i586", "product": { "name": "xen-devel-4.14.6_12-150300.3.69.1.i586", "product_id": "xen-devel-4.14.6_12-150300.3.69.1.i586" } }, { "category": "product_version", "name": "xen-libs-4.14.6_12-150300.3.69.1.i586", "product": { "name": "xen-libs-4.14.6_12-150300.3.69.1.i586", "product_id": "xen-libs-4.14.6_12-150300.3.69.1.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.14.6_12-150300.3.69.1.i586", "product": { "name": "xen-tools-domU-4.14.6_12-150300.3.69.1.i586", "product_id": "xen-tools-domU-4.14.6_12-150300.3.69.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.14.6_12-150300.3.69.1.noarch", "product": { "name": "xen-tools-xendomains-wait-disk-4.14.6_12-150300.3.69.1.noarch", "product_id": "xen-tools-xendomains-wait-disk-4.14.6_12-150300.3.69.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "xen-4.14.6_12-150300.3.69.1.x86_64", "product": { "name": "xen-4.14.6_12-150300.3.69.1.x86_64", "product_id": "xen-4.14.6_12-150300.3.69.1.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.14.6_12-150300.3.69.1.x86_64", "product": { "name": "xen-devel-4.14.6_12-150300.3.69.1.x86_64", "product_id": "xen-devel-4.14.6_12-150300.3.69.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.14.6_12-150300.3.69.1.x86_64", "product": { "name": "xen-doc-html-4.14.6_12-150300.3.69.1.x86_64", "product_id": "xen-doc-html-4.14.6_12-150300.3.69.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64", "product": { "name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64", "product_id": "xen-libs-4.14.6_12-150300.3.69.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.14.6_12-150300.3.69.1.x86_64", "product": { "name": "xen-libs-32bit-4.14.6_12-150300.3.69.1.x86_64", "product_id": "xen-libs-32bit-4.14.6_12-150300.3.69.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.14.6_12-150300.3.69.1.x86_64", "product": { "name": "xen-tools-4.14.6_12-150300.3.69.1.x86_64", "product_id": "xen-tools-4.14.6_12-150300.3.69.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.14.6_12-150300.3.69.1.x86_64", "product": { "name": "xen-tools-domU-4.14.6_12-150300.3.69.1.x86_64", "product_id": "xen-tools-domU-4.14.6_12-150300.3.69.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.1", "product": { "name": "SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.2", "product": { "name": "SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64" }, "product_reference": "xen-libs-4.14.6_12-150300.3.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.14.6_12-150300.3.69.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64" }, "product_reference": "xen-libs-4.14.6_12-150300.3.69.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28746", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28746" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28746", "url": "https://www.suse.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "SUSE Bug 1213456 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1213456" }, { "category": "external", "summary": "SUSE Bug 1221323 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1221323" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-04-08T09:36:51Z", "details": "moderate" } ], "title": "CVE-2023-28746" }, { "cve": "CVE-2024-2193", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-2193" } ], "notes": [ { "category": "general", "text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-2193", "url": "https://www.suse.com/security/cve/CVE-2024-2193" }, { "category": "external", "summary": "SUSE Bug 1217857 for CVE-2024-2193", "url": "https://bugzilla.suse.com/1217857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_12-150300.3.69.1.x86_64", "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_12-150300.3.69.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-04-08T09:36:51Z", "details": "moderate" } ], "title": "CVE-2024-2193" } ] }
suse-su-2024:1105-1
Vulnerability from csaf_suse
Published
2024-04-03 13:32
Modified
2024-04-03 13:32
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2023-28746: Register file data sampling. (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
Patchnames
SUSE-2024-1105,SUSE-SLE-SDK-12-SP5-2024-1105,SUSE-SLE-SERVER-12-SP5-2024-1105
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register file data sampling. (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-1105,SUSE-SLE-SDK-12-SP5-2024-1105,SUSE-SLE-SERVER-12-SP5-2024-1105", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1105-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:1105-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241105-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:1105-1", "url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034840.html" }, { "category": "self", "summary": "SUSE Bug 1027519", "url": "https://bugzilla.suse.com/1027519" }, { "category": "self", "summary": "SUSE Bug 1220141", "url": "https://bugzilla.suse.com/1220141" }, { "category": "self", "summary": "SUSE Bug 1221332", "url": "https://bugzilla.suse.com/1221332" }, { "category": "self", "summary": "SUSE Bug 1221334", "url": "https://bugzilla.suse.com/1221334" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28746 page", "url": "https://www.suse.com/security/cve/CVE-2023-28746/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-2193 page", "url": "https://www.suse.com/security/cve/CVE-2024-2193/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2024-04-03T13:32:35Z", "generator": { "date": "2024-04-03T13:32:35Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:1105-1", "initial_release_date": "2024-04-03T13:32:35Z", "revision_history": [ { "date": "2024-04-03T13:32:35Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.12.4_46-3.106.1.aarch64", "product": { "name": "xen-4.12.4_46-3.106.1.aarch64", "product_id": "xen-4.12.4_46-3.106.1.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.12.4_46-3.106.1.aarch64", "product": { "name": "xen-devel-4.12.4_46-3.106.1.aarch64", "product_id": "xen-devel-4.12.4_46-3.106.1.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.12.4_46-3.106.1.aarch64", "product": { "name": "xen-doc-html-4.12.4_46-3.106.1.aarch64", "product_id": "xen-doc-html-4.12.4_46-3.106.1.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.12.4_46-3.106.1.aarch64", "product": { "name": "xen-libs-4.12.4_46-3.106.1.aarch64", "product_id": "xen-libs-4.12.4_46-3.106.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.12.4_46-3.106.1.aarch64", "product": { "name": "xen-tools-4.12.4_46-3.106.1.aarch64", "product_id": "xen-tools-4.12.4_46-3.106.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.12.4_46-3.106.1.aarch64", "product": { "name": "xen-tools-domU-4.12.4_46-3.106.1.aarch64", "product_id": "xen-tools-domU-4.12.4_46-3.106.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.12.4_46-3.106.1.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.12.4_46-3.106.1.aarch64_ilp32", "product_id": "xen-libs-64bit-4.12.4_46-3.106.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.12.4_46-3.106.1.i586", "product": { "name": "xen-devel-4.12.4_46-3.106.1.i586", "product_id": "xen-devel-4.12.4_46-3.106.1.i586" } }, { "category": "product_version", "name": "xen-libs-4.12.4_46-3.106.1.i586", "product": { "name": "xen-libs-4.12.4_46-3.106.1.i586", "product_id": "xen-libs-4.12.4_46-3.106.1.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.12.4_46-3.106.1.i586", "product": { "name": "xen-tools-domU-4.12.4_46-3.106.1.i586", "product_id": "xen-tools-domU-4.12.4_46-3.106.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-4.12.4_46-3.106.1.x86_64", "product": { "name": "xen-4.12.4_46-3.106.1.x86_64", "product_id": "xen-4.12.4_46-3.106.1.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.12.4_46-3.106.1.x86_64", "product": { "name": "xen-devel-4.12.4_46-3.106.1.x86_64", "product_id": "xen-devel-4.12.4_46-3.106.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.12.4_46-3.106.1.x86_64", "product": { "name": "xen-doc-html-4.12.4_46-3.106.1.x86_64", "product_id": "xen-doc-html-4.12.4_46-3.106.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.12.4_46-3.106.1.x86_64", "product": { "name": "xen-libs-4.12.4_46-3.106.1.x86_64", "product_id": "xen-libs-4.12.4_46-3.106.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "product": { "name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "product_id": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.12.4_46-3.106.1.x86_64", "product": { "name": "xen-tools-4.12.4_46-3.106.1.x86_64", "product_id": "xen-tools-4.12.4_46-3.106.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64", "product": { "name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64", "product_id": "xen-tools-domU-4.12.4_46-3.106.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP5", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP5", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP5", "product": { "name": "SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.12.4_46-3.106.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64" }, "product_reference": "xen-devel-4.12.4_46-3.106.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-devel-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-doc-html-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-libs-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-tools-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-tools-domU-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-doc-html-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-libs-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-tools-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.12.4_46-3.106.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64" }, "product_reference": "xen-tools-domU-4.12.4_46-3.106.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28746", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28746" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28746", "url": "https://www.suse.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "SUSE Bug 1213456 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1213456" }, { "category": "external", "summary": "SUSE Bug 1221323 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1221323" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-04-03T13:32:35Z", "details": "moderate" } ], "title": "CVE-2023-28746" }, { "cve": "CVE-2024-2193", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-2193" } ], "notes": [ { "category": "general", "text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-2193", "url": "https://www.suse.com/security/cve/CVE-2024-2193" }, { "category": "external", "summary": "SUSE Bug 1217857 for CVE-2024-2193", "url": "https://bugzilla.suse.com/1217857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_46-3.106.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_46-3.106.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-04-03T13:32:35Z", "details": "moderate" } ], "title": "CVE-2024-2193" } ] }
suse-su-2024:1102-1
Vulnerability from csaf_suse
Published
2024-04-03 12:10
Modified
2024-04-03 12:10
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
- CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885)
Patchnames
SUSE-2024-1102,SUSE-SLE-Micro-5.5-2024-1102,SUSE-SLE-Module-Basesystem-15-SP5-2024-1102,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1102,openSUSE-SLE-15.5-2024-1102
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n- CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-1102,SUSE-SLE-Micro-5.5-2024-1102,SUSE-SLE-Module-Basesystem-15-SP5-2024-1102,SUSE-SLE-Module-Server-Applications-15-SP5-2024-1102,openSUSE-SLE-15.5-2024-1102", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1102-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:1102-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241102-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:1102-1", "url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034893.html" }, { "category": "self", "summary": "SUSE Bug 1027519", "url": "https://bugzilla.suse.com/1027519" }, { "category": "self", "summary": "SUSE Bug 1219885", "url": "https://bugzilla.suse.com/1219885" }, { "category": "self", "summary": "SUSE Bug 1221332", "url": "https://bugzilla.suse.com/1221332" }, { "category": "self", "summary": "SUSE Bug 1221334", "url": "https://bugzilla.suse.com/1221334" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28746 page", "url": "https://www.suse.com/security/cve/CVE-2023-28746/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-46841 page", "url": "https://www.suse.com/security/cve/CVE-2023-46841/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-2193 page", "url": "https://www.suse.com/security/cve/CVE-2024-2193/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2024-04-03T12:10:18Z", "generator": { "date": "2024-04-03T12:10:18Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:1102-1", "initial_release_date": "2024-04-03T12:10:18Z", "revision_history": [ { "date": "2024-04-03T12:10:18Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.17.3_08-150500.3.27.1.aarch64", "product": { "name": "xen-4.17.3_08-150500.3.27.1.aarch64", "product_id": "xen-4.17.3_08-150500.3.27.1.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.17.3_08-150500.3.27.1.aarch64", "product": { "name": "xen-devel-4.17.3_08-150500.3.27.1.aarch64", "product_id": "xen-devel-4.17.3_08-150500.3.27.1.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "product": { "name": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "product_id": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.17.3_08-150500.3.27.1.aarch64", "product": { "name": "xen-libs-4.17.3_08-150500.3.27.1.aarch64", "product_id": "xen-libs-4.17.3_08-150500.3.27.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.17.3_08-150500.3.27.1.aarch64", "product": { "name": "xen-tools-4.17.3_08-150500.3.27.1.aarch64", "product_id": "xen-tools-4.17.3_08-150500.3.27.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "product": { "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "product_id": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.17.3_08-150500.3.27.1.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.17.3_08-150500.3.27.1.aarch64_ilp32", "product_id": "xen-libs-64bit-4.17.3_08-150500.3.27.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.17.3_08-150500.3.27.1.i586", "product": { "name": "xen-devel-4.17.3_08-150500.3.27.1.i586", "product_id": "xen-devel-4.17.3_08-150500.3.27.1.i586" } }, { "category": "product_version", "name": "xen-libs-4.17.3_08-150500.3.27.1.i586", "product": { "name": "xen-libs-4.17.3_08-150500.3.27.1.i586", "product_id": "xen-libs-4.17.3_08-150500.3.27.1.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.i586", "product": { "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.i586", "product_id": "xen-tools-domU-4.17.3_08-150500.3.27.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "product": { "name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "product_id": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "xen-4.17.3_08-150500.3.27.1.x86_64", "product": { "name": "xen-4.17.3_08-150500.3.27.1.x86_64", "product_id": "xen-4.17.3_08-150500.3.27.1.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64", "product": { "name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64", "product_id": "xen-devel-4.17.3_08-150500.3.27.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "product": { "name": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "product_id": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64", "product": { "name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64", "product_id": "xen-libs-4.17.3_08-150500.3.27.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "product": { "name": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "product_id": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64", "product": { "name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64", "product_id": "xen-tools-4.17.3_08-150500.3.27.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "product": { "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "product_id": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.5", "product": { "name": "SUSE Linux Enterprise Micro 5.5", "product_id": "SUSE Linux Enterprise Micro 5.5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-micro:5.5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Server Applications 15 SP5", "product": { "name": "SUSE Linux Enterprise Module for Server Applications 15 SP5", "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-server-applications:15:sp5" } } }, { "category": "product_name", "name": "openSUSE Leap 15.5", "product": { "name": "openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5", "product_id": "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-libs-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-libs-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-devel-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-tools-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP5", "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" }, "product_reference": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64" }, "product_reference": "xen-4.17.3_08-150500.3.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64" }, "product_reference": "xen-devel-4.17.3_08-150500.3.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-devel-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64" }, "product_reference": "xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64" }, "product_reference": "xen-libs-4.17.3_08-150500.3.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-libs-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64" }, "product_reference": "xen-tools-4.17.3_08-150500.3.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-tools-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64" }, "product_reference": "xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64" }, "product_reference": "xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" }, "product_reference": "xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28746", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28746" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28746", "url": "https://www.suse.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "SUSE Bug 1213456 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1213456" }, { "category": "external", "summary": "SUSE Bug 1221323 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1221323" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-04-03T12:10:18Z", "details": "moderate" } ], "title": "CVE-2023-28746" }, { "cve": "CVE-2023-46841", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-46841" } ], "notes": [ { "category": "general", "text": "Recent x86 CPUs offer functionality named Control-flow Enforcement\nTechnology (CET). A sub-feature of this are Shadow Stacks (CET-SS).\nCET-SS is a hardware feature designed to protect against Return Oriented\nProgramming attacks. When enabled, traditional stacks holding both data\nand return addresses are accompanied by so called \"shadow stacks\",\nholding little more than return addresses. Shadow stacks aren\u0027t\nwritable by normal instructions, and upon function returns their\ncontents are used to check for possible manipulation of a return address\ncoming from the traditional stack.\n\nIn particular certain memory accesses need intercepting by Xen. In\nvarious cases the necessary emulation involves kind of replaying of\nthe instruction. Such replaying typically involves filling and then\ninvoking of a stub. Such a replayed instruction may raise an\nexceptions, which is expected and dealt with accordingly.\n\nUnfortunately the interaction of both of the above wasn\u0027t right:\nRecovery involves removal of a call frame from the (traditional) stack.\nThe counterpart of this operation for the shadow stack was missing.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-46841", "url": "https://www.suse.com/security/cve/CVE-2023-46841" }, { "category": "external", "summary": "SUSE Bug 1219885 for CVE-2023-46841", "url": "https://bugzilla.suse.com/1219885" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-04-03T12:10:18Z", "details": "moderate" } ], "title": "CVE-2023-46841" }, { "cve": "CVE-2024-2193", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-2193" } ], "notes": [ { "category": "general", "text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-2193", "url": "https://www.suse.com/security/cve/CVE-2024-2193" }, { "category": "external", "summary": "SUSE Bug 1217857 for CVE-2024-2193", "url": "https://bugzilla.suse.com/1217857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "SUSE Linux Enterprise Module for Server Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-devel-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-doc-html-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-32bit-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-libs-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.aarch64", "openSUSE Leap 15.5:xen-tools-domU-4.17.3_08-150500.3.27.1.x86_64", "openSUSE Leap 15.5:xen-tools-xendomains-wait-disk-4.17.3_08-150500.3.27.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-04-03T12:10:18Z", "details": "moderate" } ], "title": "CVE-2024-2193" } ] }
suse-su-2024:2535-1
Vulnerability from csaf_suse
Published
2024-07-16 12:12
Modified
2024-07-16 12:12
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (XSA-452, bsc#1221332)
- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (XSA-453, bsc#1221334)
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
Patchnames
SUSE-2024-2535,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2535
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (XSA-452, bsc#1221332)\n- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (XSA-453, bsc#1221334)\n- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)\n- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)\n- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-2535,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2535,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2535", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2535-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:2535-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242535-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:2535-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018986.html" }, { "category": "self", "summary": "SUSE Bug 1214083", "url": "https://bugzilla.suse.com/1214083" }, { "category": "self", "summary": "SUSE Bug 1221332", "url": "https://bugzilla.suse.com/1221332" }, { "category": "self", "summary": "SUSE Bug 1221334", "url": "https://bugzilla.suse.com/1221334" }, { "category": "self", "summary": "SUSE Bug 1221984", "url": "https://bugzilla.suse.com/1221984" }, { "category": "self", "summary": "SUSE Bug 1222302", "url": "https://bugzilla.suse.com/1222302" }, { "category": "self", "summary": "SUSE Bug 1222453", "url": "https://bugzilla.suse.com/1222453" }, { "category": "self", "summary": "SUSE Bug 1227355", "url": "https://bugzilla.suse.com/1227355" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28746 page", "url": "https://www.suse.com/security/cve/CVE-2023-28746/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-46842 page", "url": "https://www.suse.com/security/cve/CVE-2023-46842/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-2193 page", "url": "https://www.suse.com/security/cve/CVE-2024-2193/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-2201 page", "url": "https://www.suse.com/security/cve/CVE-2024-2201/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-31142 page", "url": "https://www.suse.com/security/cve/CVE-2024-31142/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-31143 page", "url": "https://www.suse.com/security/cve/CVE-2024-31143/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2024-07-16T12:12:51Z", "generator": { "date": "2024-07-16T12:12:51Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:2535-1", "initial_release_date": "2024-07-16T12:12:51Z", "revision_history": [ { "date": "2024-07-16T12:12:51Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.13.5_12-150200.3.93.1.aarch64", "product": { "name": "xen-4.13.5_12-150200.3.93.1.aarch64", "product_id": "xen-4.13.5_12-150200.3.93.1.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.13.5_12-150200.3.93.1.aarch64", "product": { "name": "xen-devel-4.13.5_12-150200.3.93.1.aarch64", "product_id": "xen-devel-4.13.5_12-150200.3.93.1.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.13.5_12-150200.3.93.1.aarch64", "product": { "name": "xen-doc-html-4.13.5_12-150200.3.93.1.aarch64", "product_id": "xen-doc-html-4.13.5_12-150200.3.93.1.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.13.5_12-150200.3.93.1.aarch64", "product": { "name": "xen-libs-4.13.5_12-150200.3.93.1.aarch64", "product_id": "xen-libs-4.13.5_12-150200.3.93.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.13.5_12-150200.3.93.1.aarch64", "product": { "name": "xen-tools-4.13.5_12-150200.3.93.1.aarch64", "product_id": "xen-tools-4.13.5_12-150200.3.93.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.aarch64", "product": { "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.aarch64", "product_id": "xen-tools-domU-4.13.5_12-150200.3.93.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.13.5_12-150200.3.93.1.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.13.5_12-150200.3.93.1.aarch64_ilp32", "product_id": "xen-libs-64bit-4.13.5_12-150200.3.93.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.13.5_12-150200.3.93.1.i586", "product": { "name": "xen-devel-4.13.5_12-150200.3.93.1.i586", "product_id": "xen-devel-4.13.5_12-150200.3.93.1.i586" } }, { "category": "product_version", "name": "xen-libs-4.13.5_12-150200.3.93.1.i586", "product": { "name": "xen-libs-4.13.5_12-150200.3.93.1.i586", "product_id": "xen-libs-4.13.5_12-150200.3.93.1.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.i586", "product": { "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.i586", "product_id": "xen-tools-domU-4.13.5_12-150200.3.93.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "product": { "name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "product_id": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "xen-4.13.5_12-150200.3.93.1.x86_64", "product": { "name": "xen-4.13.5_12-150200.3.93.1.x86_64", "product_id": "xen-4.13.5_12-150200.3.93.1.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64", "product": { "name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64", "product_id": "xen-devel-4.13.5_12-150200.3.93.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.13.5_12-150200.3.93.1.x86_64", "product": { "name": "xen-doc-html-4.13.5_12-150200.3.93.1.x86_64", "product_id": "xen-doc-html-4.13.5_12-150200.3.93.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64", "product": { "name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64", "product_id": "xen-libs-4.13.5_12-150200.3.93.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.13.5_12-150200.3.93.1.x86_64", "product": { "name": "xen-libs-32bit-4.13.5_12-150200.3.93.1.x86_64", "product_id": "xen-libs-32bit-4.13.5_12-150200.3.93.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64", "product": { "name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64", "product_id": "xen-tools-4.13.5_12-150200.3.93.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "product": { "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "product_id": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-devel-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-libs-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-tools-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" }, "product_reference": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-devel-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-libs-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-tools-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" }, "product_reference": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "xen-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-devel-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-devel-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-libs-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-tools-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64" }, "product_reference": "xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" }, "product_reference": "xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28746", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28746" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28746", "url": "https://www.suse.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "SUSE Bug 1213456 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1213456" }, { "category": "external", "summary": "SUSE Bug 1221323 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1221323" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-07-16T12:12:51Z", "details": "moderate" } ], "title": "CVE-2023-28746" }, { "cve": "CVE-2023-46842", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-46842" } ], "notes": [ { "category": "general", "text": "Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and\nother modes. This in particular means that they may set registers used\nto pass 32-bit-mode hypercall arguments to values outside of the range\n32-bit code would be able to set them to.\n\nWhen processing of hypercalls takes a considerable amount of time,\nthe hypervisor may choose to invoke a hypercall continuation. Doing so\ninvolves putting (perhaps updated) hypercall arguments in respective\nregisters. For guests not running in 64-bit mode this further involves\na certain amount of translation of the values.\n\nUnfortunately internal sanity checking of these translated values\nassumes high halves of registers to always be clear when invoking a\nhypercall. When this is found not to be the case, it triggers a\nconsistency check in the hypervisor and causes a crash.\n", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2023-46842", "url": "https://www.suse.com/security/cve/CVE-2023-46842" }, { "category": "external", "summary": "SUSE Bug 1221984 for CVE-2023-46842", "url": "https://bugzilla.suse.com/1221984" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-07-16T12:12:51Z", "details": "moderate" } ], "title": "CVE-2023-46842" }, { "cve": "CVE-2024-2193", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-2193" } ], "notes": [ { "category": "general", "text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-2193", "url": "https://www.suse.com/security/cve/CVE-2024-2193" }, { "category": "external", "summary": "SUSE Bug 1217857 for CVE-2024-2193", "url": "https://bugzilla.suse.com/1217857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-07-16T12:12:51Z", "details": "moderate" } ], "title": "CVE-2024-2193" }, { "cve": "CVE-2024-2201", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-2201" } ], "notes": [ { "category": "general", "text": "A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-2201", "url": "https://www.suse.com/security/cve/CVE-2024-2201" }, { "category": "external", "summary": "SUSE Bug 1212111 for CVE-2024-2201", "url": "https://bugzilla.suse.com/1212111" }, { "category": "external", "summary": "SUSE Bug 1217339 for CVE-2024-2201", "url": "https://bugzilla.suse.com/1217339" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-07-16T12:12:51Z", "details": "moderate" } ], "title": "CVE-2024-2201" }, { "cve": "CVE-2024-31142", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-31142" } ], "notes": [ { "category": "general", "text": "Because of a logical error in XSA-407 (Branch Type Confusion), the\nmitigation is not applied properly when it is intended to be used.\nXSA-434 (Speculative Return Stack Overflow) uses the same\ninfrastructure, so is equally impacted.\n\nFor more details, see:\n https://xenbits.xen.org/xsa/advisory-407.html\n https://xenbits.xen.org/xsa/advisory-434.html\n", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-31142", "url": "https://www.suse.com/security/cve/CVE-2024-31142" }, { "category": "external", "summary": "SUSE Bug 1222302 for CVE-2024-31142", "url": "https://bugzilla.suse.com/1222302" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-07-16T12:12:51Z", "details": "moderate" } ], "title": "CVE-2024-31142" }, { "cve": "CVE-2024-31143", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-31143" } ], "notes": [ { "category": "general", "text": "An optional feature of PCI MSI called \"Multiple Message\" allows a\ndevice to use multiple consecutive interrupt vectors. Unlike for MSI-X,\nthe setting up of these consecutive vectors needs to happen all in one\ngo. In this handling an error path could be taken in different\nsituations, with or without a particular lock held. This error path\nwrongly releases the lock even when it is not currently held.\n", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-31143", "url": "https://www.suse.com/security/cve/CVE-2024-31143" }, { "category": "external", "summary": "SUSE Bug 1227355 for CVE-2024-31143", "url": "https://bugzilla.suse.com/1227355" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-devel-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-libs-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-domU-4.13.5_12-150200.3.93.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:xen-tools-xendomains-wait-disk-4.13.5_12-150200.3.93.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2024-07-16T12:12:51Z", "details": "important" } ], "title": "CVE-2024-31143" } ] }
suse-su-2024:1101-1
Vulnerability from csaf_suse
Published
2024-04-03 12:09
Modified
2024-04-03 12:09
Summary
Security update for xen
Notes
Title of the patch
Security update for xen
Description of the patch
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
Patchnames
SUSE-2024-1101,SUSE-SLE-Micro-5.3-2024-1101,SUSE-SLE-Micro-5.4-2024-1101,openSUSE-Leap-Micro-5.3-2024-1101,openSUSE-Leap-Micro-5.4-2024-1101
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for xen", "title": "Title of the patch" }, { "category": "description", "text": "This update for xen fixes the following issues:\n\n- CVE-2023-28746: Register File Data Sampling (bsc#1221332)\n- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-1101,SUSE-SLE-Micro-5.3-2024-1101,SUSE-SLE-Micro-5.4-2024-1101,openSUSE-Leap-Micro-5.3-2024-1101,openSUSE-Leap-Micro-5.4-2024-1101", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1101-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:1101-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241101-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:1101-1", "url": "https://lists.suse.com/pipermail/sle-updates/2024-April/034894.html" }, { "category": "self", "summary": "SUSE Bug 1221332", "url": "https://bugzilla.suse.com/1221332" }, { "category": "self", "summary": "SUSE Bug 1221334", "url": "https://bugzilla.suse.com/1221334" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28746 page", "url": "https://www.suse.com/security/cve/CVE-2023-28746/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-2193 page", "url": "https://www.suse.com/security/cve/CVE-2024-2193/" } ], "title": "Security update for xen", "tracking": { "current_release_date": "2024-04-03T12:09:45Z", "generator": { "date": "2024-04-03T12:09:45Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:1101-1", "initial_release_date": "2024-04-03T12:09:45Z", "revision_history": [ { "date": "2024-04-03T12:09:45Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "xen-4.16.5_14-150400.4.52.1.aarch64", "product": { "name": "xen-4.16.5_14-150400.4.52.1.aarch64", "product_id": "xen-4.16.5_14-150400.4.52.1.aarch64" } }, { "category": "product_version", "name": "xen-devel-4.16.5_14-150400.4.52.1.aarch64", "product": { "name": "xen-devel-4.16.5_14-150400.4.52.1.aarch64", "product_id": "xen-devel-4.16.5_14-150400.4.52.1.aarch64" } }, { "category": "product_version", "name": "xen-doc-html-4.16.5_14-150400.4.52.1.aarch64", "product": { "name": "xen-doc-html-4.16.5_14-150400.4.52.1.aarch64", "product_id": "xen-doc-html-4.16.5_14-150400.4.52.1.aarch64" } }, { "category": "product_version", "name": "xen-libs-4.16.5_14-150400.4.52.1.aarch64", "product": { "name": "xen-libs-4.16.5_14-150400.4.52.1.aarch64", "product_id": "xen-libs-4.16.5_14-150400.4.52.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-4.16.5_14-150400.4.52.1.aarch64", "product": { "name": "xen-tools-4.16.5_14-150400.4.52.1.aarch64", "product_id": "xen-tools-4.16.5_14-150400.4.52.1.aarch64" } }, { "category": "product_version", "name": "xen-tools-domU-4.16.5_14-150400.4.52.1.aarch64", "product": { "name": "xen-tools-domU-4.16.5_14-150400.4.52.1.aarch64", "product_id": "xen-tools-domU-4.16.5_14-150400.4.52.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "xen-libs-64bit-4.16.5_14-150400.4.52.1.aarch64_ilp32", "product": { "name": "xen-libs-64bit-4.16.5_14-150400.4.52.1.aarch64_ilp32", "product_id": "xen-libs-64bit-4.16.5_14-150400.4.52.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "xen-devel-4.16.5_14-150400.4.52.1.i586", "product": { "name": "xen-devel-4.16.5_14-150400.4.52.1.i586", "product_id": "xen-devel-4.16.5_14-150400.4.52.1.i586" } }, { "category": "product_version", "name": "xen-libs-4.16.5_14-150400.4.52.1.i586", "product": { "name": "xen-libs-4.16.5_14-150400.4.52.1.i586", "product_id": "xen-libs-4.16.5_14-150400.4.52.1.i586" } }, { "category": "product_version", "name": "xen-tools-domU-4.16.5_14-150400.4.52.1.i586", "product": { "name": "xen-tools-domU-4.16.5_14-150400.4.52.1.i586", "product_id": "xen-tools-domU-4.16.5_14-150400.4.52.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "xen-tools-xendomains-wait-disk-4.16.5_14-150400.4.52.1.noarch", "product": { "name": "xen-tools-xendomains-wait-disk-4.16.5_14-150400.4.52.1.noarch", "product_id": "xen-tools-xendomains-wait-disk-4.16.5_14-150400.4.52.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "xen-4.16.5_14-150400.4.52.1.x86_64", "product": { "name": "xen-4.16.5_14-150400.4.52.1.x86_64", "product_id": "xen-4.16.5_14-150400.4.52.1.x86_64" } }, { "category": "product_version", "name": "xen-devel-4.16.5_14-150400.4.52.1.x86_64", "product": { "name": "xen-devel-4.16.5_14-150400.4.52.1.x86_64", "product_id": "xen-devel-4.16.5_14-150400.4.52.1.x86_64" } }, { "category": "product_version", "name": "xen-doc-html-4.16.5_14-150400.4.52.1.x86_64", "product": { "name": "xen-doc-html-4.16.5_14-150400.4.52.1.x86_64", "product_id": "xen-doc-html-4.16.5_14-150400.4.52.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64", "product": { "name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64", "product_id": "xen-libs-4.16.5_14-150400.4.52.1.x86_64" } }, { "category": "product_version", "name": "xen-libs-32bit-4.16.5_14-150400.4.52.1.x86_64", "product": { "name": "xen-libs-32bit-4.16.5_14-150400.4.52.1.x86_64", "product_id": "xen-libs-32bit-4.16.5_14-150400.4.52.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-4.16.5_14-150400.4.52.1.x86_64", "product": { "name": "xen-tools-4.16.5_14-150400.4.52.1.x86_64", "product_id": "xen-tools-4.16.5_14-150400.4.52.1.x86_64" } }, { "category": "product_version", "name": "xen-tools-domU-4.16.5_14-150400.4.52.1.x86_64", "product": { "name": "xen-tools-domU-4.16.5_14-150400.4.52.1.x86_64", "product_id": "xen-tools-domU-4.16.5_14-150400.4.52.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.3", "product": { "name": "SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-micro:5.3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.4", "product": { "name": "SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-micro:5.4" } } }, { "category": "product_name", "name": "openSUSE Leap Micro 5.3", "product": { "name": "openSUSE Leap Micro 5.3", "product_id": "openSUSE Leap Micro 5.3", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap-micro:5.3" } } }, { "category": "product_name", "name": "openSUSE Leap Micro 5.4", "product": { "name": "openSUSE Leap Micro 5.4", "product_id": "openSUSE Leap Micro 5.4", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap-micro:5.4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64" }, "product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" }, "product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of openSUSE Leap Micro 5.3", "product_id": "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64" }, "product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64", "relates_to_product_reference": "openSUSE Leap Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "xen-libs-4.16.5_14-150400.4.52.1.x86_64 as component of openSUSE Leap Micro 5.4", "product_id": "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" }, "product_reference": "xen-libs-4.16.5_14-150400.4.52.1.x86_64", "relates_to_product_reference": "openSUSE Leap Micro 5.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28746", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28746" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28746", "url": "https://www.suse.com/security/cve/CVE-2023-28746" }, { "category": "external", "summary": "SUSE Bug 1213456 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1213456" }, { "category": "external", "summary": "SUSE Bug 1221323 for CVE-2023-28746", "url": "https://bugzilla.suse.com/1221323" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-04-03T12:09:45Z", "details": "moderate" } ], "title": "CVE-2023-28746" }, { "cve": "CVE-2024-2193", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-2193" } ], "notes": [ { "category": "general", "text": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-2193", "url": "https://www.suse.com/security/cve/CVE-2024-2193" }, { "category": "external", "summary": "SUSE Bug 1217857 for CVE-2024-2193", "url": "https://bugzilla.suse.com/1217857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "SUSE Linux Enterprise Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.3:xen-libs-4.16.5_14-150400.4.52.1.x86_64", "openSUSE Leap Micro 5.4:xen-libs-4.16.5_14-150400.4.52.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-04-03T12:09:45Z", "details": "moderate" } ], "title": "CVE-2024-2193" } ] }
wid-sec-w-2024-0601
Vulnerability from csaf_certbund
Published
2024-03-12 23:00
Modified
2024-12-26 23:00
Summary
Prozessoren mehrer Hersteller: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Prozessoren sind die zentralen Rechenwerke eines Computers.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Prozessoren mehrerer Hersteller ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- BIOS/Firmware
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann eine Schwachstelle in Prozessoren mehrerer Hersteller ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0601 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0601.json" }, { "category": "self", "summary": "WID-SEC-2024-0601 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0601" }, { "category": "external", "summary": "Xen Security Advisory vom 2024-03-12", "url": "https://seclists.org/oss-sec/2024/q1/220" }, { "category": "external", "summary": "VUSec Advisory vom 2024-03-12", "url": "https://www.vusec.net/projects/ghostrace/" }, { "category": "external", "summary": "AMD Security Bulletin", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "category": "external", "summary": "PoC auf GitHub", "url": "https://github.com/vusec/ghostrace" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-876E653A1C vom 2024-03-14", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-876e653a1c" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-29F57F1B4E vom 2024-03-14", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-29f57f1b4e" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-9E9F53D01D vom 2024-03-14", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9e9f53d01d" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2024-3A36322C4B vom 2024-03-21", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3a36322c4b" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-053 vom 2024-04-01", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-053.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-062 vom 2024-04-01", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-062.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1105-1 vom 2024-04-03", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018252.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1102-1 vom 2024-04-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018294.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1152-1 vom 2024-04-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018271.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1101-1 vom 2024-04-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018295.html" }, { "category": "external", "summary": "F5 Security Advisory K000139682 vom 2024-05-20", "url": "https://my.f5.com/manage/s/article/K000139682" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2525 vom 2024-06-28", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2525.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2535-1 vom 2024-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018986.html" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202409-10 vom 2024-09-22", "url": "https://security.gentoo.org/glsa/202409-10" }, { "category": "external", "summary": "Debian Security Advisory DSA-5836 vom 2024-12-26", "url": "https://lists.debian.org/debian-security-announce/2024/msg00252.html" } ], "source_lang": "en-US", "title": "Prozessoren mehrer Hersteller: Schwachstelle erm\u00f6glicht Offenlegung von Informationen", "tracking": { "current_release_date": "2024-12-26T23:00:00.000+00:00", "generator": { "date": "2024-12-27T09:02:25.818+00:00", "engine": { "name": "BSI-WID", "version": "1.3.10" } }, "id": "WID-SEC-W-2024-0601", "initial_release_date": "2024-03-12T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-12T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-03-13T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-03-14T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-03-21T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2024-04-01T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-04-03T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-08T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-20T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von F5 aufgenommen" }, { "date": "2024-06-30T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-07-16T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-09-22T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-12-26T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Debian aufgenommen" } ], "status": "final", "version": "12" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "AMD Prozessor", "product": { "name": "AMD Prozessor", "product_id": "T033378", "product_identification_helper": { "cpe": "cpe:/h:amd:amd_processor:-" } } } ], "category": "vendor", "name": "AMD" }, { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP", "product": { "name": "F5 BIG-IP", "product_id": "T001663", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip:-" } } } ], "category": "vendor", "name": "F5" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "Intel Prozessor", "product": { "name": "Intel Prozessor", "product_id": "T011586", "product_identification_helper": { "cpe": "cpe:/h:intel:intel_prozessor:-" } } } ], "category": "vendor", "name": "Intel" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c4.15", "product": { "name": "Open Source Xen \u003c4.15", "product_id": "T033374" } }, { "category": "product_version", "name": "4.15", "product": { "name": "Open Source Xen 4.15", "product_id": "T033374-fixed", "product_identification_helper": { "cpe": "cpe:/o:xen:xen:4.15" } } }, { "category": "product_version_range", "name": "\u003c4.16", "product": { "name": "Open Source Xen \u003c4.16", "product_id": "T033375" } }, { "category": "product_version", "name": "4.16", "product": { "name": "Open Source Xen 4.16", "product_id": "T033375-fixed", "product_identification_helper": { "cpe": "cpe:/o:xen:xen:4.16" } } }, { "category": "product_version_range", "name": "\u003c4.17", "product": { "name": "Open Source Xen \u003c4.17", "product_id": "T033376" } }, { "category": "product_version", "name": "4.17", "product": { "name": "Open Source Xen 4.17", "product_id": "T033376-fixed", "product_identification_helper": { "cpe": "cpe:/o:xen:xen:4.17" } } }, { "category": "product_version_range", "name": "\u003c4.18", "product": { "name": "Open Source Xen \u003c4.18", "product_id": "T033377" } }, { "category": "product_version", "name": "4.18", "product": { "name": "Open Source Xen 4.18", "product_id": "T033377-fixed", "product_identification_helper": { "cpe": "cpe:/o:xen:xen:4.18" } } } ], "category": "product_name", "name": "Xen" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-2193", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Prozessoren verschiedener Hersteller. Diese Schwachstelle besteht in der Art und Weise wie moderne Prozessoren die Codeausf\u00fchrung optimieren und daf\u00fcr sorgen, dass verschiedene Threads in der richtigen Reihenfolge ausgef\u00fchrt werden. Durch Manipulation der spekulativen Ausf\u00fchrung eines Prozessors k\u00f6nnen Angreifer Threads dazu bringen, nicht mehr synchron zu laufen und somit Race-Conditions erzeugen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T033378", "2951", "T002207", "T001663", "T011586", "398363", "T012167", "T033376", "T033377", "74185", "T033374", "T033375" ] }, "release_date": "2024-03-12T23:00:00.000+00:00", "title": "CVE-2024-2193" } ] }
gsd-2024-2193
Vulnerability from gsd
Modified
2024-03-06 06:02
Details
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-2193" ], "details": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "id": "GSD-2024-2193", "modified": "2024-03-06T06:02:25.210559Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2024-2193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CPU", "version": { "version_data": [ { "version_affected": "=", "version_value": "See advisory AMD-SB-7016" } ] } } ] }, "vendor_name": "AMD" }, { "product": { "product_data": [ { "product_name": "Xen", "version": { "version_data": [ { "version_affected": "=", "version_value": "consult Xen advisory XSA-453" } ] } } ] }, "vendor_name": "Xen" } ] } }, "credits": [ { "lang": "en", "value": "Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths." } ] }, "generator": { "engine": "VINCE 2.1.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2193" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.cert.org/vuls/id/488902", "refsource": "MISC", "url": "https://kb.cert.org/vuls/id/488902" }, { "name": "https://xenbits.xen.org/xsa/advisory-453.html", "refsource": "MISC", "url": "https://xenbits.xen.org/xsa/advisory-453.html" }, { "name": "https://www.vusec.net/projects/ghostrace/", "refsource": "MISC", "url": "https://www.vusec.net/projects/ghostrace/" }, { "name": "https://download.vusec.net/papers/ghostrace_sec24.pdf", "refsource": "MISC", "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "name": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace", "refsource": "MISC", "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "name": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html", "refsource": "MISC", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "name": "https://www.kb.cert.org/vuls/id/488902", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/488902" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" } ] }, "source": { "discovery": "EXTERNAL" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths." }, { "lang": "es", "value": "Se ha revelado una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas." } ], "id": "CVE-2024-2193", "lastModified": "2024-03-30T04:15:08.650", "metrics": {}, "published": "2024-03-15T18:15:08.530", "references": [ { "source": "cret@cert.org", "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "source": "cret@cert.org", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "source": "cret@cert.org", "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "source": "cret@cert.org", "url": "https://kb.cert.org/vuls/id/488902" }, { "source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "source": "cret@cert.org", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/488902" }, { "source": "cret@cert.org", "url": "https://www.vusec.net/projects/ghostrace/" }, { "source": "cret@cert.org", "url": "https://xenbits.xen.org/xsa/advisory-453.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis" } } } }
ghsa-3p53-237x-3cww
Vulnerability from github
Published
2024-03-15 18:30
Modified
2025-05-01 00:32
Severity ?
VLAI Severity ?
Details
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
{ "affected": [], "aliases": [ "CVE-2024-2193" ], "database_specific": { "cwe_ids": [ "CWE-362" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-03-15T18:15:08Z", "severity": "MODERATE" }, "details": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.", "id": "GHSA-3p53-237x-3cww", "modified": "2025-05-01T00:32:28Z", "published": "2024-03-15T18:30:38Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2193" }, { "type": "WEB", "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "type": "WEB", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "type": "WEB", "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "type": "WEB", "url": "https://kb.cert.org/vuls/id/488902" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A" }, { "type": "WEB", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "type": "WEB", "url": "https://www.kb.cert.org/vuls/id/488902" }, { "type": "WEB", "url": "https://www.vusec.net/projects/ghostrace" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-453.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/03/12/14" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-453.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ] }
fkie_cve-2024-2193
Vulnerability from fkie_nvd
Published
2024-03-15 18:15
Modified
2025-04-30 23:16
Severity ?
Summary
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
References
▶ | URL | Tags | |
---|---|---|---|
cret@cert.org | http://www.openwall.com/lists/oss-security/2024/03/12/14 | ||
cret@cert.org | https://download.vusec.net/papers/ghostrace_sec24.pdf | ||
cret@cert.org | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23 | ||
cret@cert.org | https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace | ||
cret@cert.org | https://kb.cert.org/vuls/id/488902 | ||
cret@cert.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/ | ||
cret@cert.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/ | ||
cret@cert.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/ | ||
cret@cert.org | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html | ||
cret@cert.org | https://www.kb.cert.org/vuls/id/488902 | ||
cret@cert.org | https://www.vusec.net/projects/ghostrace/ | ||
cret@cert.org | https://xenbits.xen.org/xsa/advisory-453.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/03/12/14 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://xenbits.xen.org/xsa/advisory-453.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://download.vusec.net/papers/ghostrace_sec24.pdf | ||
af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace | ||
af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/488902 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/488902 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.vusec.net/projects/ghostrace/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xen.org/xsa/advisory-453.html |
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths." }, { "lang": "es", "value": "Se ha revelado una vulnerabilidad de Speculative Race Condition (SRC) que afecta a modern CPU architectures que admiten la ejecuci\u00f3n especulativa (relacionada con Spectre V1). Un atacante no autenticado puede aprovechar esta vulnerabilidad para revelar datos arbitrarios de la CPU utilizando condiciones de ejecuci\u00f3n para acceder a las rutas de c\u00f3digo ejecutable especulativas." } ], "id": "CVE-2024-2193", "lastModified": "2025-04-30T23:16:01.667", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-03-15T18:15:08.530", "references": [ { "source": "cret@cert.org", "url": "http://www.openwall.com/lists/oss-security/2024/03/12/14" }, { "source": "cret@cert.org", "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "source": "cret@cert.org", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "source": "cret@cert.org", "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "source": "cret@cert.org", "url": "https://kb.cert.org/vuls/id/488902" }, { "source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "source": "cret@cert.org", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/488902" }, { "source": "cret@cert.org", "url": "https://www.vusec.net/projects/ghostrace/" }, { "source": "cret@cert.org", "url": "https://xenbits.xen.org/xsa/advisory-453.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/03/12/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/xsa/advisory-453.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.cert.org/vuls/id/488902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/488902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.vusec.net/projects/ghostrace/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://xenbits.xen.org/xsa/advisory-453.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…