Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002984)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002984 advisory. Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service...
SUSE-SU-2025:4419-1 Security update for xen
This update for xen fixes the following issues: Update to Xen 4.20.2 (jsc#PED-8907). Security issues fixed: - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to it (XSA-476, bsc#1252692). Other issues fixed: - Failure...
Linux Distros Unpatched Vulnerability : CVE-2020-25596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state...
Linux Distros Unpatched Vulnerability : CVE-2019-19578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of...
Linux Distros Unpatched Vulnerability : CVE-2022-33745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient TLB flush for x86 PV guests in shadow mode. For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in...
Linux Distros Unpatched Vulnerability : CVE-2018-19965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a...
ALPINE-CVE-2023-34322
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on th...
SUSE CVE-2013-2077
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors...
SUSE CVE-2013-4368
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale...
SUSE CVE-2016-7092
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables...
SUSE CVE-2017-8904
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...
SUSE CVE-2017-12137
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref...
SUSE CVE-2017-17566
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page...
SUSE CVE-2018-7540
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing...
SUSE CVE-2018-10471
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754...
SUSE CVE-2018-19966
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorre...
SUSE CVE-2019-17346
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes...
SUSE CVE-2019-19580
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type...
SUSE CVE-2020-27674
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique...
SUSE CVE-2022-33745
Insufficient TLB flush for x86 PV guests in shadow mode. For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...