rpm package
opensuse/xen&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed
Vulnerabilities (279)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8104 | Cri | 10.0 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Nov 16, 2015 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | |
| CVE-2015-5307 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Nov 16, 2015 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | ||
| CVE-2015-6855 | Hig | 7.5 | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Nov 6, 2015 | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, | |
| CVE-2015-7972 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 30, 2015 | The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users t | ||
| CVE-2015-7971 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 30, 2015 | Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in | ||
| CVE-2015-7970 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 30, 2015 | The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-co | ||
| CVE-2015-7969 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 30, 2015 | Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcp | ||
| CVE-2015-7835 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 30, 2015 | The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | ||
| CVE-2015-7311 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Oct 1, 2015 | libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | ||
| CVE-2015-4037 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Aug 26, 2015 | The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. | ||
| CVE-2015-5154 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Aug 12, 2015 | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. | ||
| CVE-2015-3259 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jul 16, 2015 | Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. | ||
| CVE-2015-4106 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 3, 2015 | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact vi | ||
| CVE-2015-4105 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 3, 2015 | Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. | ||
| CVE-2015-4104 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 3, 2015 | Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. | ||
| CVE-2015-4103 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jun 3, 2015 | Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. | ||
| CVE-2015-3456 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | May 13, 2015 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o | ||
| CVE-2015-3340 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Apr 28, 2015 | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. | ||
| CVE-2014-6268 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jan 12, 2015 | The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU. | ||
| CVE-2014-7815 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Nov 14, 2014 | The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. |
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
- CVE-2015-5307Nov 16, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
- affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,
- CVE-2015-7972Oct 30, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users t
- CVE-2015-7971Oct 30, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in
- CVE-2015-7970Oct 30, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-co
- CVE-2015-7969Oct 30, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcp
- CVE-2015-7835Oct 30, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
- CVE-2015-7311Oct 1, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
- CVE-2015-4037Aug 26, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
- CVE-2015-5154Aug 12, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
- CVE-2015-3259Jul 16, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
- CVE-2015-4106Jun 3, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact vi
- CVE-2015-4105Jun 3, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
- CVE-2015-4104Jun 3, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
- CVE-2015-4103Jun 3, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
- CVE-2015-3456May 13, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o
- CVE-2015-3340Apr 28, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
- CVE-2014-6268Jan 12, 2015affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.
- CVE-2014-7815Nov 14, 2014affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
Page 11 of 14