Overview

File _patchinfo of Package patchinfo.25153

<patchinfo incident="25153">
  <issue tracker="bnc" id="1201469">VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900: xen: retbleed - arbitrary speculative code execution with return instructions (XSA-407)</issue>
  <issue tracker="bnc" id="1200549">VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166: xen: x86: MMIO Stale Data vulnerabilities (XSA-404)</issue>
  <issue tracker="bnc" id="1201394">VUL-0: EMBARGOED: CVE-2022-33745: xen: insufficient TLB flush for x86 PV guests in shadow mode (XSA-408)</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="bnc" id="1199965">VUL-0: CVE-2022-26362: xen: Race condition in typeref acquisition (XSA-401)</issue>
  <issue tracker="bnc" id="1199966">VUL-0: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings (XSA-402)</issue>
  <issue tracker="cve" id="2022-26362"/>
  <issue tracker="cve" id="2022-26364"/>
  <issue tracker="cve" id="2022-23825"/>
  <issue tracker="cve" id="2022-26363"/>
  <issue tracker="cve" id="2022-33745"/>
  <issue tracker="cve" id="2022-21166"/>
  <issue tracker="cve" id="2022-29900"/>
  <issue tracker="cve" id="2022-21123"/>
  <issue tracker="cve" id="2022-21125"/>
  <issue tracker="cve" id="2022-23816"/>
  <packager>charlesa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for xen</summary>
  <description>This update for xen fixes the following issues:

- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).

Fixed several upstream bugs (bsc#1027519). 
</description>
<reboot_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places