SUSE 12-SP5: SUSE-SU-2022:0469-1 Important: Xen Security Threats

February 17, 2022
SUSE Security Patch addresses significant vulnerabilities in the xen component, classified with both critical and moderate levels of severity. A system reboot is necessary post-installation.
An update that fixes three vulnerabilities is now available

Summary

This update for xen fixes the following issues:

- CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)

References

#1194576 #1194581 #1194588

Cross-References: CVE-2022-23033 CVE-2022-23034 CVE-2022-23035

CVSS scores:

CVE-2022-23033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23034 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-23035 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

https://www.suse.com/security/cve/CVE-2022-23033.html

https://www.suse.com/security/cve/CVE-2022-23034.html

Severity
important

Announcement ID: SUSE-SU-2022:0469-1
Rating: important
