SUSE update for xen
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 26 |
| CVE-ID | CVE-2021-28689 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-26363 CVE-2022-26364 |
| CWE-ID | CWE-669 CWE-200 CWE-400 CWE-755 CWE-763 CWE-399 CWE-269 CWE-674 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE CaaS Platform Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system xen-tools-domU-debuginfo Operating systems & Components / Operating system package or component xen-tools-domU Operating systems & Components / Operating system package or component xen-tools-debuginfo Operating systems & Components / Operating system package or component xen-tools Operating systems & Components / Operating system package or component xen-libs-debuginfo Operating systems & Components / Operating system package or component xen-libs Operating systems & Components / Operating system package or component xen-devel Operating systems & Components / Operating system package or component xen-debugsource Operating systems & Components / Operating system package or component xen Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 26 vulnerabilities.
1) Incorrect Resource Transfer Between Spheres
EUVDB-ID: #VU79453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-28689
CWE-ID:
CWE-669 - Incorrect Resource Transfer Between Spheres
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU65345
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-26365
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU65346
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33740
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU65351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33741
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU65348
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33742
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU78439
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33746
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when freeing the P2M pool. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper handling of exceptional conditions
EUVDB-ID: #VU79450
Risk: Low
CVSSv4.0: 3.3 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear]
CVE-ID: CVE-2022-33748
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. A local user can send specially crafted input and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Release of invalid pointer or reference
EUVDB-ID: #VU70589
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42309
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of a wrong pointer during the node creation in Xenstore. A malicious guest can cause xenstored to crash.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU70588
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42310
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within Xenstore, which can result in orphaned nodes being created and never removed in the Xenstore database. A malicious guest can cause inconsistencies in the xenstored data base, resulting in unusual error responses or memory leaks in xenstored.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU70590
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42311
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU70591
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42312
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU70592
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42313
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource management error
EUVDB-ID: #VU70593
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42314
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource management error
EUVDB-ID: #VU70594
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42315
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU70595
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42316
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU70596
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42317
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Resource management error
EUVDB-ID: #VU70597
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42318
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource exhaustion
EUVDB-ID: #VU70587
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42319
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists in Xenstore due to allocated temporary memory is freed only after the request is completely finished. A malicious guest can allocate large amounts of memory and perform a denial of service (DoS) attack.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper Privilege Management
EUVDB-ID: #VU70586
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-42320
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges.
The vulnerability exists due to improper privilege management in Xenstore. A malicious new guest domain can access resources belonging to a previous domain. The impact depends on the software in use and cal result in a denial of service, information disclosure or privilege escalation.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Uncontrolled Recursion
EUVDB-ID: #VU70585
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42321
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in Xenstore. A malicious guest can create very deep nesting levels of Xenstore nodes and perform stack exhaustion on xenstored.
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource exhaustion
EUVDB-ID: #VU70583
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42322
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out of memory situation, resulting in a Denial of Service (DoS) of xenstored.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource exhaustion
EUVDB-ID: #VU70584
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42323
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out of memory situation, resulting in a Denial of Service (DoS) of xenstored.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource exhaustion
EUVDB-ID: #VU70581
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42325
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by created an unlimited number of nodes.
The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Resource exhaustion
EUVDB-ID: #VU70582
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-42326
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by created an unlimited number of nodes.
The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).
Update the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Buffer overflow
EUVDB-ID: #VU64448
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-26363
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient care with non-coherent mappings. A remote attacker can pass a specially crafted data and trigger memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU64447
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-26364
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient care with non-coherent mappings. A remote attacker can pass a specially crafted data and trigger memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected package xen to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-SP1-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-SP1-BCL - 15-SP1-LTSS
xen-tools-domU-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools-domU: before 4.12.4_30-150100.3.80.1
xen-tools-debuginfo: before 4.12.4_30-150100.3.80.1
xen-tools: before 4.12.4_30-150100.3.80.1
xen-libs-debuginfo: before 4.12.4_30-150100.3.80.1
xen-libs: before 4.12.4_30-150100.3.80.1
xen-devel: before 4.12.4_30-150100.3.80.1
xen-debugsource: before 4.12.4_30-150100.3.80.1
xen: before 4.12.4_30-150100.3.80.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:15-SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing:15-SP1-ESPOS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_enterprise_storage:6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:15-SP1-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:xen-tools-domu-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-domu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:xen:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
