Alpine: multiple xen packages: security update to 4.15.2-r2

high Tenable Self-Hosted Container Security Plugin ID 435479

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only
less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore
internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping
structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.
(CVE-2022-26357)

- LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
(CVE-2021-26401)

- Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated
user to potentially enable information disclosure via local access. (CVE-2022-21123)

- Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

- Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-26401

https://security.alpinelinux.org/vuln/CVE-2022-21123

https://security.alpinelinux.org/vuln/CVE-2022-21125

https://security.alpinelinux.org/vuln/CVE-2022-21166

https://security.alpinelinux.org/vuln/CVE-2022-26356

https://security.alpinelinux.org/vuln/CVE-2022-26357

https://security.alpinelinux.org/vuln/CVE-2022-26358

https://security.alpinelinux.org/vuln/CVE-2022-26359

https://security.alpinelinux.org/vuln/CVE-2022-26360

https://security.alpinelinux.org/vuln/CVE-2022-26361

Plugin Details

Severity: High

ID: 435479

Version: Revision 1.3

Type: Local

Published: 10/1/2025

Updated: 6/1/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

Percentile: 96.59

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-26357

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-26361

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/8/2022

Reference Information

CVE: CVE-2021-26401, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-26356, CVE-2022-26357, CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361