Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
Список пакетов
SUSE Enterprise Storage 7.1
xen-4.14.6_26-150300.3.91.1
xen-devel-4.14.6_26-150300.3.91.1
xen-libs-4.14.6_26-150300.3.91.1
xen-tools-4.14.6_26-150300.3.91.1
xen-tools-domU-4.14.6_26-150300.3.91.1
xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
xen-4.14.6_26-150300.3.91.1
xen-devel-4.14.6_26-150300.3.91.1
xen-libs-4.14.6_26-150300.3.91.1
xen-tools-4.14.6_26-150300.3.91.1
xen-tools-domU-4.14.6_26-150300.3.91.1
xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
SUSE Linux Enterprise Micro 5.1
xen-libs-4.14.6_26-150300.3.91.1
SUSE Linux Enterprise Micro 5.2
xen-libs-4.14.6_26-150300.3.91.1
SUSE Linux Enterprise Server 15 SP3-LTSS
xen-4.14.6_26-150300.3.91.1
xen-devel-4.14.6_26-150300.3.91.1
xen-libs-4.14.6_26-150300.3.91.1
xen-tools-4.14.6_26-150300.3.91.1
xen-tools-domU-4.14.6_26-150300.3.91.1
xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
xen-4.14.6_26-150300.3.91.1
xen-devel-4.14.6_26-150300.3.91.1
xen-libs-4.14.6_26-150300.3.91.1
xen-tools-4.14.6_26-150300.3.91.1
xen-tools-domU-4.14.6_26-150300.3.91.1
xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
Ссылки
- Link for SUSE-SU-2025:02319-1
- E-Mail link for SUSE-SU-2025:02319-1
- SUSE Security Ratings
- SUSE Bug 1238896
- SUSE Bug 1244644
- SUSE Bug 1246112
- SUSE CVE CVE-2024-36350 page
- SUSE CVE CVE-2024-36357 page
- SUSE CVE CVE-2025-27465 page
Описание
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
Затронутые продукты
SUSE Enterprise Storage 7.1:xen-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-devel-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-libs-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-tools-4.14.6_26-150300.3.91.1
Ссылки
- CVE-2024-36350
- SUSE Bug 1238896
Описание
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
Затронутые продукты
SUSE Enterprise Storage 7.1:xen-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-devel-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-libs-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-tools-4.14.6_26-150300.3.91.1
Ссылки
- CVE-2024-36357
- SUSE Bug 1238896
Описание
unknown
Затронутые продукты
SUSE Enterprise Storage 7.1:xen-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-devel-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-libs-4.14.6_26-150300.3.91.1
SUSE Enterprise Storage 7.1:xen-tools-4.14.6_26-150300.3.91.1
Ссылки
- CVE-2025-27465
- SUSE Bug 1244644