Security update for xen

This update for xen fixes the following issues: Update to Xen 4.20.2 jscPED-8907. Security issues fixed: CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to it XSA-476, bsc1252692. Other issues fixed: Failure to...

EUVD-2017-16965

Malware in sbrugna...

EUVD-2019-7754

Malware in sbrugna...

EUVD-2017-7045

Malware in sbrugna...

EUVD-2019-8190

Malware in sbrugna...

EUVD-2013-2056

Malware in sbrugna...

EUVD-2019-7755

Malware in sbrugna...

EUVD-2017-8724

Malware in sbrugna...

EUVD-2019-7758

Malware in sbrugna...

EUVD-2019-7759

Malware in sbrugna...

EUVD-2023-59726

Malicious code in bioql PyPI...

EUVD-2022-38847

Malicious code in bioql PyPI...

EUVD-2022-28145

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-23034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would ha...

Linux Distros Unpatched Vulnerability : CVE-2019-19583

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service guest OS crash because VMX VMEntry checks mishand...

Linux Distros Unpatched Vulnerability : CVE-2023-52994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV Commit f1e525009493 x86/boot: Skip realmode init code when...

CVE-2023-52994

In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV Commit f1e525009493 "x86/boot: Skip realmode init code when running as Xen PV guest" missed one code path accessing realmodeheader, leading to dereferencing NULL when suspending the system under Xen:...

CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGSSYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGSSYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...

CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGSSYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGSSYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as ther...

CVE-2023-46836

The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown XPTI deliberately left interrupts enabled on two entry...