File _patchinfo of Package patchinfo.39152

<patchinfo incident="39152">
  <issue tracker="cve" id="2024-28956"/>
  <issue tracker="cve" id="2025-1713"/>
  <issue tracker="cve" id="2024-53241"/>
  <issue tracker="cve" id="2025-27465"/>
  <issue tracker="cve" id="2024-36357"/>
  <issue tracker="cve" id="2024-36350"/>
  <issue tracker="bnc" id="1234282">VUL-0: CVE-2024-53241: xen: XSA-466: Xen hypercall page unsafe against speculative attacks</issue>
  <issue tracker="bnc" id="1238043">VUL-0: CVE-2025-1713: xen: deadlock potential with VT-d and legacy PCI device pass-through</issue>
  <issue tracker="bnc" id="1243117">VUL-0: CVE-2024-28956: xen: Intel CPU: Indirect Target Selection (ITS)</issue>
  <issue tracker="bnc" id="1027519">Xen: Missing upstream bug fixes</issue>
  <issue tracker="bnc" id="1246112">VUL-0: xen: More AMD transient execution attacks</issue>
  <issue tracker="bnc" id="1244644">VUL-0: CVE-2025-27465: xen: x86: Incorrect stubs exception handling for flags recovery (XSA-470)</issue>
  <issue tracker="bnc" id="1238896">VUL-0: AMD: More transient execution attacks</issue>
  <packager>charlesa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for xen</summary>
  <description>This update for xen fixes the following issues:

Security fixes:

- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)

Other fixes:

- Upstream bug fixes (bsc#1027519)
</description>
<reboot_needed/>
</patchinfo>