Lucene search

318 matches found

OSV
added 2025/06/10 1:33 a.m. | 2 views

SUSE-SU-2025:01850-1 Security update for xen

This update for xen fixes the following issues:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection ITS XSA-469 bsc1243117
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks XSA-466 bsc1234282
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI...

CVSS 7.5 | AI score 6.9 | EPSS 0.00249 | Exploits 0 | References 7

Tenable Nessus
added 2025/04/21 12:0 a.m. | 10 views

AlmaLinux 8 : kernel-rt (ALSA-2025:3894)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:3894 advisory. kernel: xen: Xen hypercall page unsafe against speculative attacks Xen Security Advisory 466 CVE-2024-53241 kernel: ALSA: usb-audio: Fix out of bounds rea...

CVSS 7.1 | AI score 7.6 | EPSS 0.01125 | Exploits 0 | References 4

Tenable Nessus
added 2025/04/16 12:0 a.m. | 23 views

Oracle Linux 8 : kernel (ELSA-2025-3893)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-3893 advisory.
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources Jarod Wilson RHEL-86737 CVE-2024-53150
- x86/xen: remove hypercall page Vitaly...

CVSS 7.1 | AI score 7.5 | EPSS 0.01125 | Exploits 0 | References 3

RedHat Linux
added 2025/04/15 9:50 a.m. | 3 views

kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466)

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page. Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer usin...

CVSS 5.5 | AI score 6.8 | EPSS 0.00012 | Exploits 0 | References 4

Oracle linux
added 2025/04/11 12:0 a.m. | 100 views

Unbreakable Enterprise kernel security update

5.15.0-307.178.5
- net/mlx5: DR, prevent potential error pointer dereference Dan Carpenter Orabug: 37434242 CVE-2024-56660
- uek-rpm: Set CONFIG_IP6_NF_IPTABLES for ol9/ol8 container kernels Jonah Palmer Orabug: 37703179
- net: hsr: fix fill_frame_info regression vs VLAN packets Eric Dumazet
- f2fs:...

CVSS 7.8 | AI score 8 | EPSS 0.00024 | Exploits 0

SUSE CVE
added 2025/04/04 2:58 a.m. | 1 views

SUSE CVE-2025-21950

In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl. In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The...

CVSS 5.5 | AI score 7.6 | EPSS 0.00009 | Exploits 0 | References 15

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-46842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass...

CVSS 6.5 | AI score 7.3 | EPSS 0.02093 | Exploits 0 | References 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2017-8903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host...

CVSS 8.8 | AI score 7.7 | EPSS 0.00366 | Exploits 0 | References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2015-2752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain user...

CVSS 4.9 | AI score 7.3 | EPSS 0.00122 | Exploits 0 | References 2

OSV
added 2025/02/27 8:16 p.m. | 4 views

CVE-2025-21818

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 4.7 | Exploits 0 | References 1

Cvelist
added 2025/02/27 8:4 p.m. | 7 views

CVE-2025-21818

...

Exploits 0

Debian CVE
added 2025/02/27 8:4 p.m. | 7 views

CVE-2025-21818

Removed by vendor...

AI score 5 | Exploits 0

OSV
added 2025/02/27 3:15 a.m. | 4 views

UBUNTU-CVE-2025-21779

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel. Advertise support for Hyper-V's SEND_IPI and SEND_IPI_EX hypercalls if and only if the local API is emulated/virtualized by KVM, and explicitly reject said...

CVSS 5.5 | AI score 6.2 | EPSS 0.00019 | Exploits 0 | References 31

Positive Technologies
added 2025/02/27 12:0 a.m. | 2 views

PT-2025-9009 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A vulnerability in the Linux kernel has been identified, specifically in the xen_hypercall_hvm function used when running as a Xen PVH guest. This function clobbers the %rbx register,...

AI score 6.9 | Exploits 0 | References 17

AstraLinux
added 2025/02/11 7:35 a.m. | 2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Do not perform the PV iret hypercall through the hypercall page. Instead of jumping to the Xen hypercall page to execute the iret hypercall, the required sequence is directly coded in the xen-asm.S file. This action is...

CVSS 5.5 | AI score 5.9 | EPSS 0.00012 | Exploits 0 | References 3

AstraLinux
added 2025/02/11 7:35 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle protected guests properly in complete_hypercall_exit. Use is_64_bit_hypercall instead of is_64_bit_mode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g., SEV-ES and SEV-SN...

CVSS 5.5 | AI score 6.1 | EPSS 0.00013 | Exploits 0 | References 3

SUSE Linux
added 2025/01/21 1:58 p.m. | 3 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-41087: Fix double free on error bsc1228466. CVE-2024-53095: smb: client: Fix use-after-free of network namespace bsc1233642. CVE-2024-53146: NFSD: Prevent a...

CVSS 8.8 | AI score 8.4 | EPSS 0.02589 | Exploits 0 | References 108

Tenable Nessus
added 2025/01/17 12:0 a.m. | 12 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2025:0142-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0142-1 advisory. - CVE-2024-53241: Xen hypercall page unsafe against speculative attacks bsc1234282. Bug fixes: - Update t...

CVSS 5.5 | AI score 7 | EPSS 0.00012 | Exploits 0 | References 5

RedhatCVE
added 2025/01/13 7:50 a.m. | 7 views

CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit. Use is_64_bit_hypercall instead of is_64_bit_mode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

CVSS 5.5 | AI score 6.8 | EPSS 0.00013 | Exploits 0 | References 4

SUSE CVE
added 2025/01/12 12:15 a.m. | 3 views

SUSE CVE-2024-55881

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit. Use is_64_bit_hypercall instead of is_64_bit_mode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP,...

CVSS 5.5 | AI score 7.6 | EPSS 0.00013 | Exploits 0 | References 13