Fedora 36 : xen (2023-04b5338dd0)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-04b5338dd0 advisory. 3 security issues 2180425 x86 shadow plus log-dirty mode use-after-free XSA-427, CVE-2022-42332 x86/HVM pinned cache attributes mis-handling XSA-428...

SUSE: Security Advisory (SUSE-SU-2023:0859-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0847-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0858-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0862-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-5378-1 : xen - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5378 advisory. - IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. CVE-2022-23824 -...

Fedora 37 : xen (2023-da8315e641)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-da8315e641 advisory. 3 security issues 2180425 x86 shadow plus log-dirty mode use-after-free XSA-427, CVE-2022-42332 x86/HVM pinned cache attributes mis-handling XSA-428...

Fedora 38 : xen (2023-703f133eb3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-703f133eb3 advisory. 3 security issues 2180425 x86 shadow plus log-dirty mode use-after-free XSA-427, CVE-2022-42332 x86/HVM pinned cache attributes mis-handling XSA-428...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:0848-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0848-1 advisory. - x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original...

SUSE SLES15 Security Update : xen (SUSE-SU-2023:0847-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0847-1 advisory. - x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work...

CVE-2022-42333

creationtimestamp| type| source ---|---|--- 2023-03-21 15:34:59+00:00| seen| https://t.me/cibsecurity/60374 2023-03-21 15:35:00+00:00| seen| https://t.me/cibsecurity/60376...

CVE-2022-42333

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

Design/Logic Flaw

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

Design/Logic Flaw

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

SUSE-SU-2023:0847-1 Security update for xen

This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode bsc1209017. - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling bsc1209018. - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL...

CVE-2022-42333

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

CVE-2022-42333

CVE-2022-42333 and CVE-2022-42334 pertain to Xen Hypervisor issues: (1) CVE-2022-42333 – mis-handling of HVM pinned cache attributes when controlling domains with passed-through devices, where an interface allows overriding defaults; (2) CVE-2022-42334 – unbounded number of controlled regions and...