Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2065-1 Final 1 1 2022-06-13T13:36:00Z current 2022-06-13T13:36:00Z 2022-06-13T13:36:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP3-BYOS-Azure-2022-2065,Image SLES15-SP3-BYOS-EC2-HVM-2022-2065,Image SLES15-SP3-BYOS-GCE-2022-2065,Image SLES15-SP3-CHOST-BYOS-Aliyun-2022-2065,Image SLES15-SP3-CHOST-BYOS-Azure-2022-2065,Image SLES15-SP3-CHOST-BYOS-EC2-2022-2065,Image SLES15-SP3-CHOST-BYOS-GCE-2022-2065,Image SLES15-SP3-CHOST-BYOS-SAP-CCloud-2022-2065,Image SLES15-SP3-HPC-BYOS-Azure-2022-2065,Image SLES15-SP3-HPC-BYOS-EC2-HVM-2022-2065,Image SLES15-SP3-HPC-BYOS-GCE-2022-2065,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure-2022-2065,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM-2022-2065,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE-2022-2065,Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure-2022-2065,Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM-2022-2065,Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE-2022-2065,Image SLES15-SP3-Micro-5-1-BYOS-Azure-2022-2065,Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM-2022-2065,Image SLES15-SP3-Micro-5-1-BYOS-GCE-2022-2065,Image SLES15-SP3-Micro-5-2-BYOS-Azure-2022-2065,Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM-2022-2065,Image SLES15-SP3-Micro-5-2-BYOS-GCE-2022-2065,Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2022-2065,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2022-2065,Image SLES15-SP3-SAP-BYOS-Azure-2022-2065,Image SLES15-SP3-SAP-BYOS-EC2-HVM-2022-2065,Image SLES15-SP3-SAP-BYOS-GCE-2022-2065,Image SLES15-SP3-SAPCAL-Azure-2022-2065,Image SLES15-SP3-SAPCAL-EC2-HVM-2022-2065,Image SLES15-SP3-SAPCAL-GCE-2022-2065,SUSE-2022-2065,SUSE-SLE-Module-Basesystem-15-SP3-2022-2065,SUSE-SLE-Module-Server-Applications-15-SP3-2022-2065,SUSE-SUSE-MicroOS-5.1-2022-2065,SUSE-SUSE-MicroOS-5.2-2022-2065,openSUSE-SLE-15.3-2022-2065 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ Link for SUSE-SU-2022:2065-1 https://lists.suse.com/pipermail/sle-security-updates/2022-June/011276.html E-Mail link for SUSE-SU-2022:2065-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027519 SUSE Bug 1027519 https://bugzilla.suse.com/1197426 SUSE Bug 1197426 https://bugzilla.suse.com/1199965 SUSE Bug 1199965 https://bugzilla.suse.com/1199966 SUSE Bug 1199966 https://www.suse.com/security/cve/CVE-2022-26358/ SUSE CVE CVE-2022-26358 page https://www.suse.com/security/cve/CVE-2022-26359/ SUSE CVE CVE-2022-26359 page https://www.suse.com/security/cve/CVE-2022-26360/ SUSE CVE CVE-2022-26360 page https://www.suse.com/security/cve/CVE-2022-26361/ SUSE CVE CVE-2022-26361 page https://www.suse.com/security/cve/CVE-2022-26362/ SUSE CVE CVE-2022-26362 page https://www.suse.com/security/cve/CVE-2022-26363/ SUSE CVE CVE-2022-26363 page https://www.suse.com/security/cve/CVE-2022-26364/ SUSE CVE CVE-2022-26364 page Image SLES15-SP3-BYOS-Azure Image SLES15-SP3-BYOS-EC2-HVM Image SLES15-SP3-BYOS-GCE Image SLES15-SP3-CHOST-BYOS-Aliyun Image SLES15-SP3-CHOST-BYOS-Azure Image SLES15-SP3-CHOST-BYOS-EC2 Image SLES15-SP3-CHOST-BYOS-GCE Image SLES15-SP3-CHOST-BYOS-SAP-CCloud Image SLES15-SP3-HPC-BYOS-Azure Image SLES15-SP3-HPC-BYOS-EC2-HVM Image SLES15-SP3-HPC-BYOS-GCE Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE Image SLES15-SP3-Micro-5-1-BYOS-Azure Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-1-BYOS-GCE Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-2-BYOS-GCE Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-BYOS-Azure Image SLES15-SP3-SAP-BYOS-EC2-HVM Image SLES15-SP3-SAP-BYOS-GCE Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-EC2-HVM Image SLES15-SP3-SAPCAL-GCE SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3 openSUSE Leap 15.3 xen-libs-4.14.5_02-150300.3.29.1 xen-tools-domU-4.14.5_02-150300.3.29.1 xen-4.14.5_02-150300.3.29.1 xen-devel-4.14.5_02-150300.3.29.1 xen-doc-html-4.14.5_02-150300.3.29.1 xen-libs-32bit-4.14.5_02-150300.3.29.1 xen-libs-64bit-4.14.5_02-150300.3.29.1 xen-tools-4.14.5_02-150300.3.29.1 xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-BYOS-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-BYOS-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-CHOST-BYOS-Aliyun xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-CHOST-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-CHOST-BYOS-EC2 xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-CHOST-BYOS-EC2 xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-CHOST-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-CHOST-BYOS-SAP-CCloud xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-HPC-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-HPC-BYOS-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-HPC-BYOS-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-HPC-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAP-BYOS-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAP-BYOS-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAP-BYOS-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAPCAL-Azure xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM xen-libs-4.14.5_02-150300.3.29.1 as a component of Image SLES15-SP3-SAPCAL-GCE xen-libs-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Micro 5.1 xen-libs-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Micro 5.2 xen-libs-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 xen-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 xen-devel-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 xen-tools-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 xen-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 xen-devel-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 xen-doc-html-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 xen-libs-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 xen-libs-32bit-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 xen-tools-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 xen-tools-domU-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 as a component of openSUSE Leap 15.3 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. CVE-2022-26358 Image SLES15-SP3-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-GCE:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-devel-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-doc-html-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-32bit-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-domU-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ https://www.suse.com/security/cve/CVE-2022-26358.html CVE-2022-26358 https://bugzilla.suse.com/1197426 SUSE Bug 1197426 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. CVE-2022-26359 Image SLES15-SP3-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-GCE:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-devel-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-doc-html-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-32bit-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-domU-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ https://www.suse.com/security/cve/CVE-2022-26359.html CVE-2022-26359 https://bugzilla.suse.com/1197426 SUSE Bug 1197426 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. CVE-2022-26360 Image SLES15-SP3-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-GCE:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-devel-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-doc-html-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-32bit-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-domU-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ https://www.suse.com/security/cve/CVE-2022-26360.html CVE-2022-26360 https://bugzilla.suse.com/1197426 SUSE Bug 1197426 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. CVE-2022-26361 Image SLES15-SP3-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-GCE:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-devel-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-doc-html-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-32bit-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-domU-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ https://www.suse.com/security/cve/CVE-2022-26361.html CVE-2022-26361 https://bugzilla.suse.com/1197426 SUSE Bug 1197426 x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. CVE-2022-26362 Image SLES15-SP3-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-GCE:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-devel-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-doc-html-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-32bit-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-domU-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ https://www.suse.com/security/cve/CVE-2022-26362.html CVE-2022-26362 https://bugzilla.suse.com/1199965 SUSE Bug 1199965 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. CVE-2022-26363 Image SLES15-SP3-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-GCE:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-devel-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-doc-html-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-32bit-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-domU-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ https://www.suse.com/security/cve/CVE-2022-26363.html CVE-2022-26363 https://bugzilla.suse.com/1199966 SUSE Bug 1199966 x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. CVE-2022-26364 Image SLES15-SP3-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-EC2:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-HPC-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAP-BYOS-GCE:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-Azure:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-libs-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-EC2-HVM:xen-tools-domU-4.14.5_02-150300.3.29.1 Image SLES15-SP3-SAPCAL-GCE:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-libs-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:xen-tools-domU-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-devel-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-devel-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-doc-html-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-32bit-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-libs-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-domU-4.14.5_02-150300.3.29.1 openSUSE Leap 15.3:xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222065-1/ https://www.suse.com/security/cve/CVE-2022-26364.html CVE-2022-26364 https://bugzilla.suse.com/1199966 SUSE Bug 1199966