rpm package
opensuse/xen&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed
Vulnerabilities (279)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25602 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest acc | ||
| CVE-2020-25601 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event c | ||
| CVE-2020-25600 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones | ||
| CVE-2020-25599 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to ou | ||
| CVE-2020-25598 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Sep 23, 2020 | An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is | ||
| CVE-2020-25597 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life tim | ||
| CVE-2020-25595 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Sep 23, 2020 | An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specific | ||
| CVE-2020-15567 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-at | ||
| CVE-2020-15565 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require fl | ||
| CVE-2020-15563 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A mali | ||
| CVE-2020-15566 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jul 7, 2020 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory | ||
| CVE-2020-0543 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Jun 15, 2020 | Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2020-11743 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Apr 14, 2020 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one | ||
| CVE-2020-11742 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Apr 14, 2020 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 int | ||
| CVE-2020-11740 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Apr 14, 2020 | An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. Thes | ||
| CVE-2020-11739 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Apr 14, 2020 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processo | ||
| CVE-2015-6815 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jan 31, 2020 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | ||
| CVE-2015-5239 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jan 23, 2020 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | ||
| CVE-2015-5278 | — | < 4.7.0_12-1.3 | 4.7.0_12-1.3 | Jan 23, 2020 | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||
| CVE-2019-17349 | — | < 4.15.1_01-1.2 | 4.15.1_01-1.2 | Oct 8, 2019 | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. |
- CVE-2020-25602Sep 23, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest acc
- CVE-2020-25601Sep 23, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event c
- CVE-2020-25600Sep 23, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones
- CVE-2020-25599Sep 23, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to ou
- CVE-2020-25598Sep 23, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is
- CVE-2020-25597Sep 23, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life tim
- CVE-2020-25595Sep 23, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specific
- CVE-2020-15567Jul 7, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-at
- CVE-2020-15565Jul 7, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require fl
- CVE-2020-15563Jul 7, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A mali
- CVE-2020-15566Jul 7, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory
- CVE-2020-0543Jun 15, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2020-11743Apr 14, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one
- CVE-2020-11742Apr 14, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 int
- CVE-2020-11740Apr 14, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. Thes
- CVE-2020-11739Apr 14, 2020affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processo
- CVE-2015-6815Jan 31, 2020affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
- CVE-2015-5239Jan 23, 2020affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
- CVE-2015-5278Jan 23, 2020affected < 4.7.0_12-1.3fixed 4.7.0_12-1.3
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
- CVE-2019-17349Oct 8, 2019affected < 4.15.1_01-1.2fixed 4.15.1_01-1.2
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.
Page 5 of 14