Overview

File _patchinfo of Package patchinfo.33341

<patchinfo incident="33341">
  <issue tracker="bnc" id="1222453">VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456)</issue>
  <issue tracker="bnc" id="1221984">VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454)</issue>
  <issue tracker="bnc" id="1222302">VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455)</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="cve" id="2024-31142"/>
  <issue tracker="cve" id="2024-2201"/>
  <issue tracker="cve" id="2023-46842"/>
  <packager>charlesa</packager>
  <rating>moderate</rating>
  <category>security</category>
  <reboot_needed/>
  <summary>Security update for xen</summary>
  <description>This update for xen fixes the following issues:

- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)

Other fixes:

- Update to Xen 4.16.6 (bsc#1027519)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places