VYPR

rpm package

opensuse/xen&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed

Vulnerabilities (279)

  • CVE-2012-5513Dec 13, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved r

  • CVE-2012-5511Dec 13, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.

  • CVE-2012-5510Dec 13, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.

  • CVE-2012-3432Dec 3, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash

  • CVE-2012-4538Nov 24, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.

  • CVE-2012-3433Nov 24, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.

  • CVE-2012-4411Nov 23, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.

  • CVE-2012-4539Nov 21, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vuln

  • CVE-2012-4537Nov 21, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapp

  • CVE-2012-4536Nov 21, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.

  • CVE-2012-4535Nov 21, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline."

  • CVE-2012-4544Oct 31, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

  • CVE-2012-2625Oct 31, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.

  • CVE-2012-0217Jun 12, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and

  • CVE-2012-0029Jan 27, 2012
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

  • CVE-2011-1898Aug 12, 2011
    affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3

    Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

  • CVE-2007-3919Oct 28, 2007
    affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2

    (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

  • CVE-2007-1366May 2, 2007
    affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2

    QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

  • CVE-2007-1320May 2, 2007
    affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2

    Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existe

Page 14 of 14