Bugzilla – Full Text Bug Listing |
Summary: | VUL-0: CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) | ||
---|---|---|---|
Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Leroy <thomas.leroy> |
Component: | Incidents | Assignee: | Security Team bot <security-team> |
Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
Severity: | Normal | ||
Priority: | P3 - Medium | CC: | abergmann, carlos.lopez, carnold, gabriele.sonnu, jbeulich |
Version: | unspecified | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Other | ||
URL: | https://smash.suse.de/issue/327005/ | ||
Whiteboard: | CVSSv3.1:SUSE:CVE-2022-26358:5.7:(AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H) CVSSv3.1:SUSE:CVE-2022-26359:5.7:(AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H) CVSSv3.1:SUSE:CVE-2022-26360:5.7:(AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H) CVSSv3.1:SUSE:CVE-2022-26361:5.7:(AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H) | ||
Found By: | --- | Services Priority: | |
Business Priority: | Blocker: | --- | |
Marketing QA Status: | --- | IT Deployment: | --- |
Attachments: | XSA-400 patches |
Comment 6
Alexander Bergmann
2022-04-05 13:48:21 UTC
This is an autogenerated message for OBS integration: This bug (1197426) was mentioned in https://build.opensuse.org/request/show/967124 Factory / xen Backports and submissions to SLE12-SP2 complete. No further work planned. SUSE-SU-2022:1285-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1196915,1197423,1197425,1197426 CVE References: CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): xen-4.11.4_28-2.73.1 SUSE OpenStack Cloud 9 (src): xen-4.11.4_28-2.73.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): xen-4.11.4_28-2.73.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): xen-4.11.4_28-2.73.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:1300-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1194267,1196915,1197423,1197425,1197426 CVE References: CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 JIRA References: Sources used: SUSE Manager Server 4.1 (src): xen-4.13.4_08-150200.3.50.1 SUSE Manager Retail Branch Server 4.1 (src): xen-4.13.4_08-150200.3.50.1 SUSE Manager Proxy 4.1 (src): xen-4.13.4_08-150200.3.50.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): xen-4.13.4_08-150200.3.50.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): xen-4.13.4_08-150200.3.50.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): xen-4.13.4_08-150200.3.50.1 SUSE Linux Enterprise Realtime Extension 15-SP2 (src): xen-4.13.4_08-150200.3.50.1 SUSE Linux Enterprise Micro 5.0 (src): xen-4.13.4_08-150200.3.50.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): xen-4.13.4_08-150200.3.50.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): xen-4.13.4_08-150200.3.50.1 SUSE Enterprise Storage 7 (src): xen-4.13.4_08-150200.3.50.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:1359-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1196915,1197423,1197425,1197426 CVE References: CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): xen-4.10.4_34-150000.3.74.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): xen-4.10.4_34-150000.3.74.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): xen-4.10.4_34-150000.3.74.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:1375-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1182846,1196915,1197423,1197425,1197426 CVE References: CVE-2021-20257,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): xen-4.7.6_22-43.88.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:1408-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1196915,1197423,1197425,1197426 CVE References: CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): xen-4.9.4_28-3.103.1 SUSE OpenStack Cloud 8 (src): xen-4.9.4_28-3.103.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): xen-4.9.4_28-3.103.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): xen-4.9.4_28-3.103.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): xen-4.9.4_28-3.103.1 HPE Helion Openstack 8 (src): xen-4.9.4_28-3.103.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:1505-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1197423,1197425,1197426 CVE References: CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): xen-4.12.4_22-3.66.1 SUSE Linux Enterprise Server 12-SP5 (src): xen-4.12.4_22-3.66.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:1506-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1197423,1197425,1197426 CVE References: CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 JIRA References: Sources used: openSUSE Leap 15.3 (src): xen-4.14.4_04-150300.3.24.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): xen-4.14.4_04-150300.3.24.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): xen-4.14.4_04-150300.3.24.1 SUSE Linux Enterprise Micro 5.2 (src): xen-4.14.4_04-150300.3.24.1 SUSE Linux Enterprise Micro 5.1 (src): xen-4.14.4_04-150300.3.24.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:2065-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1027519,1197426,1199965,1199966 CVE References: CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 JIRA References: Sources used: openSUSE Leap 15.3 (src): xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.2 (src): xen-4.14.5_02-150300.3.29.1 SUSE Linux Enterprise Micro 5.1 (src): xen-4.14.5_02-150300.3.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2022:2158-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1197423,1197425,1197426,1199965,1199966 CVE References: CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): xen-4.12.4_24-150100.3.72.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): xen-4.12.4_24-150100.3.72.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): xen-4.12.4_24-150100.3.72.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): xen-4.12.4_24-150100.3.72.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): xen-4.12.4_24-150100.3.72.1 SUSE Enterprise Storage 6 (src): xen-4.12.4_24-150100.3.72.1 SUSE CaaS Platform 4.0 (src): xen-4.12.4_24-150100.3.72.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. Released, closing |