SUSE update for xen
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2021-28689 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33746 CVE-2022-33748 |
| CWE-ID | CWE-669 CWE-200 CWE-400 CWE-755 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Software Development Kit Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system xen-tools-domU-debuginfo Operating systems & Components / Operating system package or component xen-tools-domU Operating systems & Components / Operating system package or component xen-tools-debuginfo Operating systems & Components / Operating system package or component xen-tools Operating systems & Components / Operating system package or component xen-libs-debuginfo Operating systems & Components / Operating system package or component xen-libs-debuginfo-32bit Operating systems & Components / Operating system package or component xen-libs Operating systems & Components / Operating system package or component xen-libs-32bit Operating systems & Components / Operating system package or component xen-doc-html Operating systems & Components / Operating system package or component xen Operating systems & Components / Operating system package or component xen-devel Operating systems & Components / Operating system package or component xen-debugsource Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Incorrect Resource Transfer Between Spheres
EUVDB-ID: #VU79453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28689
CWE-ID:
CWE-669 - Incorrect Resource Transfer Between Spheres
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU65345
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-26365
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU65346
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33740
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU65351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33741
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU65348
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33742
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU78439
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33746
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when freeing the P2M pool. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper handling of exceptional conditions
EUVDB-ID: #VU79450
Risk: Low
CVSSv4.0: 3.3 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear]
CVE-ID: CVE-2022-33748
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. A local user can send specially crafted input and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
xen-tools-domU-debuginfo: before 4.12.4_28-3.77.1
xen-tools-domU: before 4.12.4_28-3.77.1
xen-tools-debuginfo: before 4.12.4_28-3.77.1
xen-tools: before 4.12.4_28-3.77.1
xen-libs-debuginfo: before 4.12.4_28-3.77.1
xen-libs-debuginfo-32bit: before 4.12.4_28-3.77.1
xen-libs: before 4.12.4_28-3.77.1
xen-libs-32bit: before 4.12.4_28-3.77.1
xen-doc-html: before 4.12.4_28-3.77.1
xen: before 4.12.4_28-3.77.1
xen-devel: before 4.12.4_28-3.77.1
xen-debugsource: before 4.12.4_28-3.77.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-32bit:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-doc-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223728-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
