Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2557-1 Final 1 1 2022-07-27T08:01:31Z current 2022-07-27T08:01:31Z 2022-07-27T08:01:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-EC2-BYOS-2022-2557,Image SLES12-SP5-EC2-ECS-On-Demand-2022-2557,Image SLES12-SP5-EC2-On-Demand-2022-2557,Image SLES12-SP5-EC2-SAP-BYOS-2022-2557,Image SLES12-SP5-EC2-SAP-On-Demand-2022-2557,SUSE-2022-2557,SUSE-SLE-SDK-12-SP5-2022-2557,SUSE-SLE-SERVER-12-SP5-2022-2557 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ Link for SUSE-SU-2022:2557-1 https://lists.suse.com/pipermail/sle-security-updates/2022-July/011677.html E-Mail link for SUSE-SU-2022:2557-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1201394 SUSE Bug 1201394 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://www.suse.com/security/cve/CVE-2022-21123/ SUSE CVE CVE-2022-21123 page https://www.suse.com/security/cve/CVE-2022-21125/ SUSE CVE CVE-2022-21125 page https://www.suse.com/security/cve/CVE-2022-21166/ SUSE CVE CVE-2022-21166 page https://www.suse.com/security/cve/CVE-2022-23816/ SUSE CVE CVE-2022-23816 page https://www.suse.com/security/cve/CVE-2022-23825/ SUSE CVE CVE-2022-23825 page https://www.suse.com/security/cve/CVE-2022-29900/ SUSE CVE CVE-2022-29900 page https://www.suse.com/security/cve/CVE-2022-33745/ SUSE CVE CVE-2022-33745 page Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 xen-libs-4.12.4_26-3.74.1 xen-tools-domU-4.12.4_26-3.74.1 xen-4.12.4_26-3.74.1 xen-devel-4.12.4_26-3.74.1 xen-doc-html-4.12.4_26-3.74.1 xen-libs-32bit-4.12.4_26-3.74.1 xen-libs-64bit-4.12.4_26-3.74.1 xen-tools-4.12.4_26-3.74.1 xen-libs-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-BYOS xen-tools-domU-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-BYOS xen-libs-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand xen-tools-domU-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand xen-libs-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-On-Demand xen-tools-domU-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-On-Demand xen-libs-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS xen-tools-domU-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS xen-libs-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand xen-tools-domU-4.12.4_26-3.74.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand xen-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-doc-html-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-libs-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-libs-32bit-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-tools-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-tools-domU-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server 12 SP5 xen-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-doc-html-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-libs-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-libs-32bit-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-tools-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-tools-domU-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 xen-devel-4.12.4_26-3.74.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21123 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ https://www.suse.com/security/cve/CVE-2022-21123.html CVE-2022-21123 https://bugzilla.suse.com/1199650 SUSE Bug 1199650 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1209075 SUSE Bug 1209075 Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ https://www.suse.com/security/cve/CVE-2022-21125.html CVE-2022-21125 https://bugzilla.suse.com/1199650 SUSE Bug 1199650 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1209074 SUSE Bug 1209074 Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21166 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ https://www.suse.com/security/cve/CVE-2022-21166.html CVE-2022-21166 https://bugzilla.suse.com/1199650 SUSE Bug 1199650 https://bugzilla.suse.com/1200549 SUSE Bug 1200549 https://bugzilla.suse.com/1209073 SUSE Bug 1209073 DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE-2022-23816 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ https://www.suse.com/security/cve/CVE-2022-23816.html CVE-2022-23816 https://bugzilla.suse.com/1201456 SUSE Bug 1201456 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. CVE-2022-23825 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1 important 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ https://www.suse.com/security/cve/CVE-2022-23825.html CVE-2022-23825 https://bugzilla.suse.com/1201457 SUSE Bug 1201457 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://bugzilla.suse.com/1205209 SUSE Bug 1205209 Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-29900 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ https://www.suse.com/security/cve/CVE-2022-29900.html CVE-2022-29900 https://bugzilla.suse.com/1199657 SUSE Bug 1199657 https://bugzilla.suse.com/1201469 SUSE Bug 1201469 https://bugzilla.suse.com/1207894 SUSE Bug 1207894 insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. CVE-2022-33745 Image SLES12-SP5-EC2-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-ECS-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-BYOS:xen-tools-domU-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-libs-4.12.4_26-3.74.1 Image SLES12-SP5-EC2-SAP-On-Demand:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-doc-html-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-32bit-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-libs-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-4.12.4_26-3.74.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:xen-tools-domU-4.12.4_26-3.74.1 SUSE Linux Enterprise Software Development Kit 12 SP5:xen-devel-4.12.4_26-3.74.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222557-1/ https://www.suse.com/security/cve/CVE-2022-33745.html CVE-2022-33745 https://bugzilla.suse.com/1201394 SUSE Bug 1201394