SUSE-SU-2022:3665-1 -- SLES xenID: oval:org.secpod.oval:def:89047764 | Date: (C)2022-10-28 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing . - CVE-2022-33748: Fixed DoS due to race in locking . - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don"t zero memory regions before sharing them with the backend . - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don"t zero memory regions before sharing them with the backend . - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend . - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend . - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode . - CVE-2021-28689: Fixed speculative vulnerabilities with bare 32-bit PV guests . Bugfixes: - Fixed logic error in built-in default of max_event_channels . - Fixed issue where dom0 fails to boot with constrained vcpus and nodes . - Included upstream bugfixes .
Platform: |
SUSE Linux Enterprise Server 15 SP3 |
SUSE Linux Enterprise Desktop 15 SP3 |