Bug 1203806 - (CVE-2022-33746) VUL-0: CVE-2022-33746: xen: P2M pool freeing may take excessively long (XSA-410)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/343669/
CVSSv3.1:SUSE:CVE-2022-33746:5.3:(AV:...
Reported: 2022-09-27 15:47 UTC by Carlos López
Modified: 2022-12-06 17:22 UTC

Attachments
Patches (70.38 KB, application/zip)
2022-09-27 15:47 UTC, Carlos López
v2 patches (70.41 KB, application/zip)
2022-09-30 07:11 UTC, Carlos López

Description Carlos López 2022-09-27 15:47:51 UTC
Created attachment 861780
Patches

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2022-33746 / XSA-410

              P2M pool freeing may take excessively long

              *** EMBARGOED UNTIL 2022-10-11 12:00 UTC ***

ISSUE DESCRIPTION
=================

The P2M pool backing second level address translation for guests may be
of significant size.  Therefore its freeing may take more time than is
reasonable without intermediate preemption checks.  Such checking for
the need to preempt was so far missing.

IMPACT
======

A group of collaborating guests can cause the temporary locking up of a
CPU, potentially leading to a Denial of Service (DoS) affecting the
entire host.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

x86 HVM and PVH guests as well as Arm guests can trigger the
vulnerability.  x86 PV guests cannot trigger the vulnerability.

MITIGATION
==========

Running only PV guests will avoid the vulnerability.

RESOLUTION
==========

Applying the appropriate set of attached patches resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa410/xsa410-??.patch           xen-unstable
xsa410/xsa410-4.16-??.patch      Xen 4.16.x - 4.15.x
xsa410/xsa410-4.14-??.patch      Xen 4.14.x
xsa410/xsa410-4.13-??.patch      Xen 4.13.x

$ sha256sum xsa410* xsa410*/*
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
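
The missing preemption check described in the advisory above, as a simplified user-space C model. This is an added example: it is not Xen code and is not taken from the XSA-410 patches. `pool_free`, `run_teardown`, `PREEMPT_BATCH`, `ERESTART_MODEL`, the always-pending callback and the pool size are all assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define PREEMPT_BATCH  512 /* assumed: pages freed between preemption checks */
#define ERESTART_MODEL 85  /* assumed: "not finished, call again" return code */

struct page { struct page *next; };
struct pool { struct page *freelist; };
struct result { size_t longest_run, calls; };

/* need_preempt == NULL is the pre-fix shape: one uninterruptible run over
 * the whole pool. With a callback, the loop asks every PREEMPT_BATCH pages
 * whether other work is pending and, if so, returns -ERESTART_MODEL so the
 * caller can yield the CPU and continue the teardown later. */
static int pool_free(struct pool *p, int (*need_preempt)(void), size_t *freed)
{
    size_t n = 0;
    while (p->freelist) {
        struct page *pg = p->freelist;
        p->freelist = pg->next;
        free(pg);
        n++;
        if (need_preempt && n % PREEMPT_BATCH == 0 && p->freelist &&
            need_preempt()) {
            *freed = n;
            return -ERESTART_MODEL;
        }
    }
    *freed = n;
    return 0;
}

/* Build a pool of `pages` entries; on allocation failure release it again. */
static int pool_fill(struct pool *p, size_t pages)
{
    size_t unused;
    for (size_t i = 0; i < pages; i++) {
        struct page *pg = malloc(sizeof(*pg));
        if (!pg) {
            pool_free(p, NULL, &unused);
            return -1;
        }
        pg->next = p->freelist;
        p->freelist = pg;
    }
    return 0;
}

/* Worst case for the host: other work is always waiting for this CPU. */
static int always_pending(void) { return 1; }

/* Tear a pool down; report the longest run of frees without a yield. */
static struct result run_teardown(size_t pages, int preemptible)
{
    struct pool p = { NULL };
    struct result r = { 0, 0 };
    size_t freed;
    int rc;
    if (pool_fill(&p, pages))
        return r;
    do {
        rc = pool_free(&p, preemptible ? always_pending : NULL, &freed);
        r.calls++; /* one call = one continuation of the operation */
        if (freed > r.longest_run)
            r.longest_run = freed;
    } while (rc == -ERESTART_MODEL);
    return r;
}

int main(void)
{
    struct result before = run_teardown(65536, 0); /* constructed pool size */
    struct result after = run_teardown(65536, 1);
    printf("no check:   longest run %zu pages, %zu call(s)\n",
           before.longest_run, before.calls);
    printf("with check: longest run %zu pages, %zu call(s)\n",
           after.longest_run, after.calls);
    return 0;
}
```

Without the check, the longest uninterrupted run grows with the pool size; with it, the run is bounded by the batch size however large the pool is.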
Comment 4 Carlos López 2022-09-30 07:11:09 UTC
Created attachment 861885
v2 patches

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2022-33746 / XSA-410
                               version 2

              P2M pool freeing may take excessively long

              *** EMBARGOED UNTIL 2022-10-11 12:00 UTC ***

UPDATES IN VERSION 2
====================

Correct altp2m preemption logic in final patch.

ISSUE DESCRIPTION
=================

The P2M pool backing second level address translation for guests may be
of significant size.  Therefore its freeing may take more time than is
reasonable without intermediate preemption checks.  Such checking for
the need to preempt was so far missing.

IMPACT
======

A group of collaborating guests can cause the temporary locking up of a
CPU, potentially leading to a Denial of Service (DoS) affecting the
entire host.

VULNERABLE SYSTEMS
==================

All Xen versions are vulnerable.

x86 HVM and PVH guests as well as Arm guests can trigger the
vulnerability.  x86 PV guests cannot trigger the vulnerability.

MITIGATION
==========

Running only PV guests will avoid the vulnerability.

RESOLUTION
==========

Applying the appropriate set of attached patches resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa410/xsa410-??.patch           xen-unstable
xsa410/xsa410-4.16-??.patch      Xen 4.16.x - 4.15.x
xsa410/xsa410-4.14-??.patch      Xen 4.14.x
xsa410/xsa410-4.13-??.patch      Xen 4.13.x

$ sha256sum xsa410* xsa410*/*
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
Comment 6 Carlos López 2022-10-11 12:08:52 UTC
Public:
https://xenbits.xen.org/xsa/advisory-410.html
Comment 7 Charles Arnold 2022-10-13 21:15:54 UTC
11-SP3-Teradata Submission: SR#282307
Comment 9 Swamp Workflow Management 2022-10-19 22:22:35 UTC
SUSE-SU-2022:3665-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1027519,1167608,1185104,1197081,1200762,1201394,1201631,1203806,1203807
CVE References: CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33745,CVE-2022-33746,CVE-2022-33748
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    xen-4.14.5_06-150300.3.35.1
openSUSE Leap 15.3 (src):    xen-4.14.5_06-150300.3.35.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    xen-4.14.5_06-150300.3.35.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    xen-4.14.5_06-150300.3.35.1
SUSE Linux Enterprise Micro 5.2 (src):    xen-4.14.5_06-150300.3.35.1
SUSE Linux Enterprise Micro 5.1 (src):    xen-4.14.5_06-150300.3.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-10-25 19:20:22 UTC
SUSE-SU-2022:3727-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1027519,1167608,1201631,1201994,1203806,1203807
CVE References: CVE-2022-33746,CVE-2022-33748
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    xen-4.16.2_06-150400.4.11.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    xen-4.16.2_06-150400.4.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    xen-4.16.2_06-150400.4.11.1
SUSE Linux Enterprise Micro 5.3 (src):    xen-4.16.2_06-150400.4.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-10-25 19:25:15 UTC
SUSE-SU-2022:3728-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1200762,1203806,1203807
CVE References: CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33746,CVE-2022-33748
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xen-4.12.4_28-3.77.1
SUSE Linux Enterprise Server 12-SP5 (src):    xen-4.12.4_28-3.77.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-11-09 17:28:14 UTC
SUSE-SU-2022:3925-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    xen-4.10.4_40-150000.3.84.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    xen-4.10.4_40-150000.3.84.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    xen-4.10.4_40-150000.3.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-11-10 14:23:29 UTC
SUSE-SU-2022:3928-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1193923,1199966,1200762,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    xen-4.12.4_30-150100.3.80.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    xen-4.12.4_30-150100.3.80.1
SUSE Enterprise Storage 6 (src):    xen-4.12.4_30-150100.3.80.1
SUSE CaaS Platform 4.0 (src):    xen-4.12.4_30-150100.3.80.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-11-11 21:00:33 UTC
SUSE-SU-2022:3947-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1027519,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    xen-4.14.5_08-150300.3.40.1
openSUSE Leap 15.3 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Micro 5.2 (src):    xen-4.14.5_08-150300.3.40.1
SUSE Linux Enterprise Micro 5.1 (src):    xen-4.14.5_08-150300.3.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2022-11-14 17:21:48 UTC
SUSE-SU-2022:3971-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1027519,1167608,1185104,1193923,1199966,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Manager Retail Branch Server 4.1 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Manager Proxy 4.1 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    xen-4.13.4_16-150200.3.65.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    xen-4.13.4_16-150200.3.65.1
SUSE Enterprise Storage 7 (src):    xen-4.13.4_16-150200.3.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2022-11-16 11:22:38 UTC
SUSE-SU-2022:4007-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    xen-4.16.2_08-150400.4.16.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    xen-4.16.2_08-150400.4.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    xen-4.16.2_08-150400.4.16.1
SUSE Linux Enterprise Micro 5.3 (src):    xen-4.16.2_08-150400.4.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2022-11-17 17:25:30 UTC
SUSE-SU-2022:4051-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1203806,1203807,1204482,1204485,1204487,1204489,1204490,1204494
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    xen-4.7.6_28-43.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2022-11-28 14:24:59 UTC
SUSE-SU-2022:4241-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1185104,1193923,1203806,1203807,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2021-28689,CVE-2022-33746,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    xen-4.11.4_34-2.83.1
SUSE OpenStack Cloud 9 (src):    xen-4.11.4_34-2.83.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    xen-4.11.4_34-2.83.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    xen-4.11.4_34-2.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2022-12-06 17:22:38 UTC
SUSE-SU-2022:4332-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1193923,1203806,1204482,1204485,1204487,1204488,1204489,1204490,1204494,1204496
CVE References: CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    xen-4.12.4_30-3.82.1
SUSE Linux Enterprise Server 12-SP5 (src):    xen-4.12.4_30-3.82.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.